CVE-2026-31059
Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia
Publication date: 2026-04-06
Last updated on: 2026-04-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 520w_firmware | 1.7.7-180627 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31059 is a critical remote command execution vulnerability in the UTT Aggressive 520W router's firmware up to version v3v1.7.7-180627. It exists in the /goform/formDia API endpoint, where the router improperly handles user-supplied input in the dialstr parameter. An attacker can send a specially crafted POST request that injects arbitrary system commands due to insufficient input sanitization. This allows execution of commands with the privileges of the router's web service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability allows an attacker with access to the router's web interface to execute arbitrary system commands. This can lead to full system compromise, including unauthorized access, data manipulation, or disruption of network services. The attacker could potentially control the router, intercept or modify network traffic, and use the device as a foothold for further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-31059 vulnerability, immediate steps include restricting access to the router's web interface to trusted users only, as the vulnerability requires access to the web interface.
Avoid using vulnerable firmware versions up to and including v3v1.7.7-180627. Check the vendor's official website for updated firmware versions that address this issue and apply the latest patches as soon as they become available.
Monitor the router for any unusual activity or unauthorized command executions, as attackers can exploit the vulnerability to execute arbitrary system commands.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the router's /goform/formDia endpoint, targeting the dialstr parameter to check for command injection.
For example, a proof-of-concept command involves sending a POST request with dialstr=;ls > /etc_ro/web/1.txt; which executes the ls command and writes the output to a file on the router's filesystem.
- Use a tool like curl to send the POST request: curl -X POST http://<router-ip>/goform/formDia -d 'dialstr=;ls > /etc_ro/web/1.txt;'
- Check the router's filesystem (e.g., /etc_ro/web/1.txt) to verify if the command output file was created, indicating successful command execution.