PT-2026-6898 · Unknown · Utt Hiper 810

Cha0Yang

Publicado

2026-02-07

Atualizado

2026-02-13

CVE-2026-2080

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218

Description A flaw exists in the setSysAdm function within the /goform/formUser file. Manipulating the passwd1 argument can lead to command injection. Remote exploitation is possible. The details of the exploit have been publicly disclosed. The vendor was informed of this disclosure but did not respond.

Recommendations Apply a fix for the vulnerability in the setSysAdm function within the /goform/formUser file. As a temporary workaround, restrict access to the setSysAdm function until a patch is available. Avoid using the passwd1 parameter in the /goform/formUser file until the issue is resolved.

Exploit

Correção

Special Elements Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-77

Identificadores relacionados

CVE-2026-2080

Produtos afetados

Utt Hiper 810

PT-2026-6898 · Unknown · Utt Hiper 810

CVE-2026-2080

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10