CVE-2026-2847
Remote OS Command Injection in UTT HiPER 520 Web Interface
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 520_firmware | 1.7.7-160105 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-2847 is a critical OS command injection vulnerability found in the UTT HiPER 520 device, version 1.7.7-160105, specifically within the Web Management Interface component.'}, {'type': 'paragraph', 'content': 'The vulnerability resides in the function sub_44EFB4 of the file /goform/formReleaseConnect and is triggered by manipulation of the argument "Isp_Name." This allows an attacker to inject and execute arbitrary operating system commands due to improper neutralization of special characters in the input.'}, {'type': 'paragraph', 'content': 'The attack can be launched remotely but requires authentication. The vulnerability corresponds to CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and is classified under MITRE ATT&CK technique T1202.'}] [1, 3]
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to execute arbitrary operating system commands on the affected device with root privileges.
The impact affects the confidentiality, integrity, and availability of the system, potentially allowing attackers to take full control, disrupt services, or access sensitive information.
Since the exploit is publicly available, the risk of exploitation is high, and no known mitigations or patches currently exist.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted POST request to the /goform/formReleaseConnect endpoint with a specially crafted payload in the Isp_Name parameter to test for command injection.
For example, a command to test the vulnerability could be a POST request containing the payload: Isp_Name=1;touch /tmp/2026-1-29
If the command executes successfully, it will create a file /tmp/2026-1-29 on the device, indicating the presence of the vulnerability.
This detection requires authentication and can be performed using tools like curl or other HTTP clients to send the crafted POST request.
What immediate steps should I take to mitigate this vulnerability?
There are no known patches or fixes currently available for this vulnerability.
Immediate mitigation steps include replacing the affected product with an alternative device that is not vulnerable.
Additionally, restricting access to the Web Management Interface, especially limiting remote access and enforcing strong authentication, may reduce the risk of exploitation.