CVE-2026-2182
7.2 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A command injection vulnerability in the UTT 进取 521G router allows attackers to run arbitrary commands on the device by manipulating the password field. This is a serious flaw because it can be exploited remotely over the network.
Who is affected
Users of UTT 进取 521G firmware version 3.1.1-190816 are affected. An attacker could take full control of the router, steal data, or use it to launch further attacks.
Recommended fix
Immediately update the router firmware to a patched version provided by the vendor. If no patch is available, restrict network access to the device's administrative interface.
Technical Description
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-77, CWE-74