CVE-2026-2188

7.2 HIGH

Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis

Quick Summary

A command injection vulnerability in the UTT 进取 521G router allows remote attackers to execute arbitrary operating system commands by sending a specially crafted request. This is a serious flaw because it gives attackers direct control over the device.

Who is affected

Users of UTT 进取 521G version 3.1.1-190816 are affected. An attacker could fully compromise the router to steal data, disrupt network traffic, or use it as a foothold for further attacks.

Recommended fix

Immediately isolate the device from the internet if possible, as no official patch is mentioned. Contact the vendor (UTT) for a firmware update and monitor their security advisories for a fixed version.

Technical Description

A vulnerability was identified in UTT 进取 521G 3.1.1-190816. It affects the function sub_446B18 of the file /goform/formPdbUpConfig. Manipulating the argument policyNames can lead to OS command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
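One way to hunt for abuse of this endpoint in recorded management-interface traffic is sketched below. It is an added example, not code from the advisory or the vendor. It assumes that policyNames arrives in the query string or a form-encoded body, that request bodies are available from a proxy or packet capture, and that legitimate policy names contain only letters, digits, `_`, `-` and `.` separated by commas; the record layout and sample values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/formPdbUpConfig"  # endpoint named in the advisory
PARAM = "policyNames"                 # argument named in the advisory

# Assumption: what a legitimate value looks like. Tune this to the values
# your own devices send; anything outside the allowlist is reported.
ALLOWED = re.compile(r"[A-Za-z0-9_.\-]+(,[A-Za-z0-9_.\-]+)*")


def suspicious_values(target, body=""):
    """Return decoded policyNames values that fall outside the allowlist."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    values = []
    # parse_qs percent-decodes, so encoded metacharacters are seen in clear.
    for raw in (parts.query, body):
        values += parse_qs(raw).get(PARAM, [])
    return [v for v in values if not ALLOWED.fullmatch(v)]


def flag_requests(records):
    """Return (source, offending values) for every request worth triage."""
    hits = []
    for rec in records:
        bad = suspicious_values(rec["target"], rec.get("body", ""))
        if bad:
            hits.append((rec["src"], bad))
    return hits


# Constructed records for illustration, not captured traffic.
SAMPLE = [
    {"src": "192.0.2.10", "target": "/goform/formPdbUpConfig",
     "body": "policyNames=lan_default,guest"},
    {"src": "192.0.2.77", "target": "/goform/formPdbUpConfig",
     "body": "policyNames=lan%3Bx"},
    {"src": "192.0.2.77",
     "target": "/goform/formPdbUpConfig?policyNames=a%7Cb", "body": ""},
    {"src": "192.0.2.10", "target": "/goform/other",
     "body": "policyNames=lan%3Bx"},
]

if __name__ == "__main__":
    for src, bad in flag_requests(SAMPLE):
        print(f"review {src}: unexpected {PARAM} value(s) {bad!r}")
```

Because the CVSS vector lists PR:H, a hit also implies that an administrator session or credential was in use, so review the account behind the request as well.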

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78, CWE-77
