CVE-2026-2080

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218

Description A flaw exists in the setSysAdm function within the /goform/formUser file. Manipulating the passwd1 argument can lead to command injection. Remote exploitation is possible. The details of the exploit have been publicly disclosed. The vendor was informed of this disclosure but did not respond.

Recommendations Apply a fix for the vulnerability in the setSysAdm function within the /goform/formUser file. As a temporary workaround, restrict access to the setSysAdm function until a patch is available. Avoid using the passwd1 parameter in the /goform/formUser file until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-2080

Affected Products

Utt Hiper 810

CVE-2026-2080

Weakness Enumeration

Related Identifiers

Affected Products

References · 10