PT-2026-21024 · Unknown · Utt Hiper 520

Ruler-Chovy

Published

2026-02-20

Updated

2026-02-23

CVE-2026-2847

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT HiPER 520 version 1.7.7-160105

Description A flaw exists in the Web Management Interface component of UTT HiPER 520. Specifically, manipulating the Isp Name argument within the sub 44EFB4 function of the /goform/formReleaseConnect file can lead to operating system command injection. This allows for remote attacks. The exploit for this issue is publicly available.

Recommendations Apply a fix to the sub 44EFB4 function in the /goform/formReleaseConnect file to prevent manipulation of the Isp Name argument.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-2847

Affected Products

Utt Hiper 520

PT-2026-21024 · Unknown · Utt Hiper 520

CVE-2026-2847

Weakness Enumeration

Related Identifiers

Affected Products

References · 8