HIGHCVE-2026-2182Published 2026-02-08Modified 2026-02-23CNA VulDB

CVE-2026-2182: UTT 进取 521G setSysAdm doSystem command injection

A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

UTT / 进取 521G
3.1.1-190816

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-344885 | UTT 进取 521G setSysAdm doSystem command injection
VDB-344885 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #749712 | UTT (艾泰) UTT521G NV521Gv2v3.1.1-190816 Command Injection
github.com
github.com

Metrics