CVE-2026-2080
Unknown Unknown - Not Provided
Command Injection in UTT HiPER 810 setSysAdm Function

Publication date: 2026-02-07

Last updated on: 2026-02-13

Assigner: VulDB

Description
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2080
EUVD
EUVD-2026-5733
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 810_firmware 1.7.4-141218
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2026-2080 is a critical command injection vulnerability found in UTT HiPER 810 version 1.7.4-141218. It affects the function setSysAdm within the file /goform/formUser. The vulnerability arises because the passwd1 argument is not properly sanitized, allowing an attacker to inject arbitrary commands.

This improper handling of input means that special characters can be used to manipulate the system commands executed by the device, leading to command injection.

The attack can be performed remotely but requires some level of authentication. The vulnerability is classified under CWE-77, indicating command construction using untrusted input without proper sanitization.

A proof-of-concept exploit is publicly available, and the vulnerability has been disclosed without any vendor response or mitigation.

Impact Analysis

This vulnerability allows a remote attacker with some authentication privileges to execute arbitrary operating system commands on the affected device with root privileges.

Successful exploitation can lead to full control over the device, compromising its confidentiality, integrity, and availability.

An attacker could disrupt device operations, steal sensitive information, or use the device as a foothold for further attacks within a network.

Because the exploit is publicly available and easy to use, the risk of exploitation is significant, especially since no vendor mitigation or patch has been provided.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the /goform/formUser endpoint for command injection via the passwd1 parameter. Since the vulnerability involves injection of shell metacharacters, sending crafted HTTP requests that include special characters (such as semicolons) in the passwd1 argument and observing unexpected command execution or responses can indicate the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'A practical approach is to use tools like curl or specialized vulnerability scanners to send requests to the affected endpoint with payloads designed to trigger command injection. For example, a curl command might look like this:'}, {'type': 'list_item', 'content': 'curl -X POST http://[target]/goform/formUser -d "passwd1=validpass;id"'}, {'type': 'paragraph', 'content': "If the response contains output from the injected command (e.g., the output of the 'id' command), it confirms the vulnerability. Note that successful exploitation requires authentication with elevated privileges."}] [1, 3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable device and interface, especially limiting remote access to trusted networks or IP addresses.

Since no vendor response or patch is available, it is recommended to replace the affected product or firmware version with a secure alternative if possible.

Additionally, monitor network traffic for suspicious activity targeting the /goform/formUser endpoint and consider implementing intrusion detection or prevention systems to block exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2080. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart