CVE-2026-2118
7.2 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A command injection vulnerability in the UTT HiPER 810 router's web interface allows remote attackers to execute arbitrary commands on the device by sending a specially crafted request. This is a serious flaw because it gives attackers direct control over the router.
Who is affected
Users of UTT HiPER 810 routers with firmware version 1.7.4-141218 are affected. An attacker could take over the router, steal data, or use it to attack other devices on the network.
Recommended fix
Immediately check with the vendor (UTT) for a firmware update or security patch. If no patch is available, restrict access to the router's management interface to trusted networks only as a temporary mitigation.
Technical Description
A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-77, CWE-74