CVE-2026-2846

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT HiPER 520 version 1.7.7-160105

Description A security issue exists in UTT HiPER 520. The sub 44D264 function within the /goform/formPdbUpConfig file of the Web Management Interface is susceptible to operating system command injection. This occurs through manipulation of the policyNames argument, and the attack can be initiated remotely. The exploit for this issue has been publicly disclosed.

Recommendations Apply a fix to the sub 44D264 function in the /goform/formPdbUpConfig file to prevent manipulation of the policyNames argument.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-2846

Affected Products

Utt Hiper 520

CVE-2026-2846

Weakness Enumeration

Related Identifiers

Affected Products

References · 8