cha0yang1

8 exploits, active since Feb 2026
CVE-2025-70998 CRITICAL WRITEUP
UTT HiPER 810 v1.5.0-140603 - Auth Bypass
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
CVSS 9.8
CVE-2026-2686 CRITICAL WRITEUP
SECCN Dingcheng G10 3.1.0.181203 - Command Injection
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
CVE-2026-2080 HIGH WRITEUP
UTT HiPER 810 <1.7.4-141218 - Command Injection
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.2
CVE-2026-2118 HIGH WRITEUP
UTT 810 Firmware - Command Injection
A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.2
CVE-2026-2135 MEDIUM WRITEUP
UTT 810 Firmware - Command Injection
A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2026-2182 HIGH WRITEUP
UTT 521g Firmware - Command Injection
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 7.2
CVE-2026-2188 HIGH WRITEUP
UTT 521g Firmware - Command Injection
A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to OS command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.2
CVE-2026-2537 MEDIUM WRITEUP
Comfast CF-E4 2.6.0.1 - Command Injection
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7