Search
Find a vulnerability
Search criteria
4 vulnerabilities found for 进取 521G by UTT
CVE-2026-2188 (GCVE-0-2026-2188)
Vulnerability from nvd – Published: 2026-02-08 21:32 – Updated: 2026-02-23 09:50
VLAI
EPSS
VEX
Title
UTT 进取 521G formPdbUpConfig sub_446B18 os command injection
Summary
A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344891 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344891 | signaturepermissions-required |
| https://vuldb.com/?submit.749733 | third-party-advisory |
| https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T20:55:25.125781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T20:55:43.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\u8fdb\u53d6 521G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190816"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cha0yang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT \u8fdb\u53d6 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:50:07.937Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344891 | UTT \u8fdb\u53d6 521G formPdbUpConfig sub_446B18 os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344891"
},
{
"name": "VDB-344891 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344891"
},
{
"name": "Submit #749733 | UTT (\u827e\u6cf0) UTT521G NV521Gv2v3.1.1-190816 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749733"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT \u8fdb\u53d6 521G formPdbUpConfig sub_446B18 os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2188",
"datePublished": "2026-02-08T21:32:06.327Z",
"dateReserved": "2026-02-07T17:18:03.705Z",
"dateUpdated": "2026-02-23T09:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2182 (GCVE-0-2026-2182)
Vulnerability from nvd – Published: 2026-02-08 20:02 – Updated: 2026-02-23 09:48
VLAI
EPSS
VEX
Title
UTT 进取 521G setSysAdm doSystem command injection
Summary
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344885 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344885 | signaturepermissions-required |
| https://vuldb.com/?submit.749712 | third-party-advisory |
| https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md | related |
| https://github.com/cha0yang1/UTT521G/blob/main/RC… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2182",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T21:00:19.524622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:00:27.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\u8fdb\u53d6 521G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190816"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cha0yang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in UTT \u8fdb\u53d6 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:48:42.899Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344885 | UTT \u8fdb\u53d6 521G setSysAdm doSystem command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344885"
},
{
"name": "VDB-344885 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344885"
},
{
"name": "Submit #749712 | UTT (\u827e\u6cf0) UTT521G NV521Gv2v3.1.1-190816 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749712"
},
{
"tags": [
"related"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT \u8fdb\u53d6 521G setSysAdm doSystem command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2182",
"datePublished": "2026-02-08T20:02:06.826Z",
"dateReserved": "2026-02-07T15:23:04.296Z",
"dateUpdated": "2026-02-23T09:48:42.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2188 (GCVE-0-2026-2188)
Vulnerability from cvelistv5 – Published: 2026-02-08 21:32 – Updated: 2026-02-23 09:50
VLAI
EPSS
VEX
Title
UTT 进取 521G formPdbUpConfig sub_446B18 os command injection
Summary
A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344891 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344891 | signaturepermissions-required |
| https://vuldb.com/?submit.749733 | third-party-advisory |
| https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T20:55:25.125781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T20:55:43.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\u8fdb\u53d6 521G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190816"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cha0yang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT \u8fdb\u53d6 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:50:07.937Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344891 | UTT \u8fdb\u53d6 521G formPdbUpConfig sub_446B18 os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344891"
},
{
"name": "VDB-344891 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344891"
},
{
"name": "Submit #749733 | UTT (\u827e\u6cf0) UTT521G NV521Gv2v3.1.1-190816 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749733"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT \u8fdb\u53d6 521G formPdbUpConfig sub_446B18 os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2188",
"datePublished": "2026-02-08T21:32:06.327Z",
"dateReserved": "2026-02-07T17:18:03.705Z",
"dateUpdated": "2026-02-23T09:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2182 (GCVE-0-2026-2182)
Vulnerability from cvelistv5 – Published: 2026-02-08 20:02 – Updated: 2026-02-23 09:48
VLAI
EPSS
VEX
Title
UTT 进取 521G setSysAdm doSystem command injection
Summary
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344885 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344885 | signaturepermissions-required |
| https://vuldb.com/?submit.749712 | third-party-advisory |
| https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md | related |
| https://github.com/cha0yang1/UTT521G/blob/main/RC… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2182",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T21:00:19.524622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:00:27.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\u8fdb\u53d6 521G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190816"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cha0yang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in UTT \u8fdb\u53d6 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:48:42.899Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344885 | UTT \u8fdb\u53d6 521G setSysAdm doSystem command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344885"
},
{
"name": "VDB-344885 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344885"
},
{
"name": "Submit #749712 | UTT (\u827e\u6cf0) UTT521G NV521Gv2v3.1.1-190816 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749712"
},
{
"tags": [
"related"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT \u8fdb\u53d6 521G setSysAdm doSystem command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2182",
"datePublished": "2026-02-08T20:02:06.826Z",
"dateReserved": "2026-02-07T15:23:04.296Z",
"dateUpdated": "2026-02-23T09:48:42.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}