CVE-2026-2188

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816

Description A flaw exists in the function sub 446B18 located in the file /goform/formPdbUpConfig. Manipulation of the policyNames argument can result in operating system command injection. This issue is potentially exploitable remotely. The exploit has been publicly disclosed.

Recommendations Apply mitigations to prevent manipulation of the policyNames argument in the sub 446B18 function of the /goform/formPdbUpConfig file.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2026-02484

CVE-2026-2188

Affected Products

Utt 进取 521G

CVE-2026-2188

Weakness Enumeration

Related Identifiers

Affected Products

References · 10