HIGHCVE-2026-2188Published 2026-02-08Modified 2026-02-23CNA VulDB

CVE-2026-2188: UTT 进取 521G formPdbUpConfig sub_446B18 os command injection

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

UTT / 进取 521G
3.1.1-190816

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-344891 | UTT 进取 521G formPdbUpConfig sub_446B18 os command injection
VDB-344891 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #749733 | UTT (艾泰) UTT521G NV521Gv2v3.1.1-190816 Command Injection
github.com

Metrics