CVE-2026-31059
Received Received - Intake
Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia

Publication date: 2026-04-06

Last updated on: 2026-04-09

Assigner: MITRE

Description
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31059
EUVD
EUVD-2026-19253
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 520w_firmware 1.7.7-180627
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31059 is a critical remote command execution vulnerability in the UTT Aggressive 520W router's firmware up to version v3v1.7.7-180627. It exists in the /goform/formDia API endpoint, where the router improperly handles user-supplied input in the dialstr parameter. An attacker can send a specially crafted POST request that injects arbitrary system commands due to insufficient input sanitization. This allows execution of commands with the privileges of the router's web service.

Impact Analysis

This vulnerability allows an attacker with access to the router's web interface to execute arbitrary system commands. This can lead to full system compromise, including unauthorized access, data manipulation, or disruption of network services. The attacker could potentially control the router, intercept or modify network traffic, and use the device as a foothold for further attacks within the network.

Detection Guidance

This vulnerability can be detected by sending a specially crafted POST request to the router's /goform/formDia endpoint, targeting the dialstr parameter to check for command injection.

For example, a proof-of-concept command involves sending a POST request with dialstr=;ls > /etc_ro/web/1.txt; which executes the ls command and writes the output to a file on the router's filesystem.

  • Use a tool like curl to send the POST request: curl -X POST http://<router-ip>/goform/formDia -d 'dialstr=;ls > /etc_ro/web/1.txt;'
  • Check the router's filesystem (e.g., /etc_ro/web/1.txt) to verify if the command output file was created, indicating successful command execution.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the CVE-2026-31059 vulnerability, immediate steps include restricting access to the router's web interface to trusted users only, as the vulnerability requires access to the web interface.

Avoid using vulnerable firmware versions up to and including v3v1.7.7-180627. Check the vendor's official website for updated firmware versions that address this issue and apply the latest patches as soon as they become available.

Monitor the router for any unusual activity or unauthorized command executions, as attackers can exploit the vulnerability to execute arbitrary system commands.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31059. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart