CVE-2026-2182

EUVD-2026-5768
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
7.2 HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
utt521g_firmware
3.1.1-190816
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md
https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md#poc
https://vuldb.com/?ctiid.344885
https://vuldb.com/?id.344885
https://vuldb.com/?submit.749712