CVE-2026-2080
7.2 HIGHPublished 2026-02-07 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A command injection vulnerability in the UTT HiPER 810 router's web interface allows attackers to execute arbitrary commands on the device by manipulating the administrator password field. This is a serious flaw because it can be exploited remotely over the network.
Who is affected
Users of UTT HiPER 810 router firmware version 1.7.4-141218 are affected. An attacker could gain full control of the router, potentially intercepting traffic, changing settings, or using it to attack other devices on the network.
Recommended fix
As the vendor has not provided a patch, users should immediately isolate the router from the internet (e.g., behind a firewall) and monitor for any official firmware update. If possible, consider replacing the device with a supported model.
Technical Description
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-77, CWE-74