CVE 8.6 HIGH

UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection_CVE-2026-2846

February 20, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

UTT HiPER 520 Web Management Interface is vulnerable to os command injection via the manipulation of the argument policyNames in the function sub_44D264 of the file /goform/formPdbUpConfig, allowing remote attacks.

Basic Information

ID CVE-2026-2846

Source VulDB

Published Feb 20, 2026 at 15:32

Affected Product

Vendor UTT

Product HiPER 520

Version 1.7.7-160105

Affected Versions UTT HiPER 520 1.7.7-160105

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor UTT

Product HiPER 520

Version 1.7.7-160105

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-02-20T15:32:06.824Z",
    "modified": "2026-02-20T15:32:06.824Z",
    "type": "cve",
    "title": "UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.347082\nhttps://vuldb.com/?ctiid.347082\nhttps://vuldb.com/?submit.753964\nhttps://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE1.md",
    "id": "CVE-2026-2846",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "UTT HiPER 520 1.7.7-160105",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HiPER 520",
    "version": "1.7.7-160105",
    "vendor": "UTT",
    "ai_description": "UTT HiPER 520 Web Management Interface is vulnerable to os command injection via the manipulation of the argument policyNames in the function sub_44D264 of the file /goform/formPdbUpConfig, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "UTT",
    "ai_product": "HiPER 520",
    "ai_version": "1.7.7-160105",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply