Description
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.347082
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.347082
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.753964
Various Sources exploit
https://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE1.md
Scores
CVSS v3
7.2
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
CWE-78
Status
published
Products (1)
utt/520_firmware
1.7.7-160105
Published
Feb 20, 2026
Tracked Since
Feb 20, 2026