CVE-2026-2080
Command Injection in UTT HiPER 810 setSysAdm Function
Publication date: 2026-02-07
Last updated on: 2026-02-13
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810_firmware | 1.7.4-141218 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-2080 is a critical command injection vulnerability found in UTT HiPER 810 version 1.7.4-141218. It affects the function setSysAdm within the file /goform/formUser. The vulnerability arises because the passwd1 argument is not properly sanitized, allowing an attacker to inject arbitrary commands.
This improper handling of input means that special characters can be used to manipulate the system commands executed by the device, leading to command injection.
The attack can be performed remotely but requires some level of authentication. The vulnerability is classified under CWE-77, indicating command construction using untrusted input without proper sanitization.
A proof-of-concept exploit is publicly available, and the vulnerability has been disclosed without any vendor response or mitigation.
How can this vulnerability impact me? :
This vulnerability allows a remote attacker with some authentication privileges to execute arbitrary operating system commands on the affected device with root privileges.
Successful exploitation can lead to full control over the device, compromising its confidentiality, integrity, and availability.
An attacker could disrupt device operations, steal sensitive information, or use the device as a foothold for further attacks within a network.
Because the exploit is publicly available and easy to use, the risk of exploitation is significant, especially since no vendor mitigation or patch has been provided.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the /goform/formUser endpoint for command injection via the passwd1 parameter. Since the vulnerability involves injection of shell metacharacters, sending crafted HTTP requests that include special characters (such as semicolons) in the passwd1 argument and observing unexpected command execution or responses can indicate the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'A practical approach is to use tools like curl or specialized vulnerability scanners to send requests to the affected endpoint with payloads designed to trigger command injection. For example, a curl command might look like this:'}, {'type': 'list_item', 'content': 'curl -X POST http://[target]/goform/formUser -d "passwd1=validpass;id"'}, {'type': 'paragraph', 'content': "If the response contains output from the injected command (e.g., the output of the 'id' command), it confirms the vulnerability. Note that successful exploitation requires authentication with elevated privileges."}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device and interface, especially limiting remote access to trusted networks or IP addresses.
Since no vendor response or patch is available, it is recommended to replace the affected product or firmware version with a secure alternative if possible.
Additionally, monitor network traffic for suspicious activity targeting the /goform/formUser endpoint and consider implementing intrusion detection or prevention systems to block exploitation attempts.