CVE-2026-2182

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816

Description A flaw exists in the doSystem function within the /goform/setSysAdm file. Manipulation of the passwd1 argument can result in command injection. This issue may be exploited remotely. The exploit is publicly available.

Recommendations Apply updates to address the vulnerability in the doSystem function. As a temporary workaround, restrict access to the /goform/setSysAdm file. Avoid using the passwd1 argument in the affected function until the issue is resolved.

Exploit

Fix

DoS

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-2182

Affected Products

Utt 进取 521G

CVE-2026-2182

Weakness Enumeration

Related Identifiers

Affected Products

References · 10