CVE 8.6 HIGH

UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection_CVE-2026-2847

February 20, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used.

AI Analysis

UTT HiPER 520 Web Management Interface is vulnerable to os command injection via the Isp_Name argument in the sub_44EFB4 function, allowing remote attackers to execute arbitrary commands.

Basic Information

ID CVE-2026-2847

Source VulDB

Published Feb 20, 2026 at 15:32

Affected Product

Vendor UTT

Product HiPER 520

Version 1.7.7-160105

Affected Versions UTT HiPER 520 1.7.7-160105

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor UTT

Product HiPER 520

Version 1.7.7-160105

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used.",
    "published": "2026-02-20T15:32:08.557Z",
    "modified": "2026-02-20T15:32:08.557Z",
    "type": "cve",
    "title": "UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.347083\nhttps://vuldb.com/?ctiid.347083\nhttps://vuldb.com/?submit.753965\nhttps://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE2.md",
    "id": "CVE-2026-2847",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "UTT HiPER 520 1.7.7-160105",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HiPER 520",
    "version": "1.7.7-160105",
    "vendor": "UTT",
    "ai_description": "UTT HiPER 520 Web Management Interface is vulnerable to os command injection via the Isp_Name argument in the sub_44EFB4 function, allowing remote attackers to execute arbitrary commands.",
    "ai_severity": "High",
    "ai_vendor": "UTT",
    "ai_product": "HiPER 520",
    "ai_version": "1.7.7-160105",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply