| शीर्षक | UTT HiPER 520 nv520v3v1.7.7-160105 Command Injection |
|---|
| विवरण | Technical Summary: A critical OS command injection vulnerability was identified in the UTT HiPER 520 router (firmware nv520v3v1.7.7-160105). The vulnerability is located in the sub_44EFB4 function of the rehttpd binary, which handles requests to the /goform/formReleaseConnect endpoint.
Vulnerability Detail: The application uses websGetVar to retrieve the Isp_Name parameter. Although the program logic attempts to process this input, it fails to properly sanitize the string before passing it to a doSystem call (via sub_4407D4). Due to this insecure handling, an authenticated attacker can inject arbitrary shell commands using metacharacters (e.g., ;).
Exploit Proof: As demonstrated in the PoC, sending a POST request to /goform/formReleaseConnect with the payload delstr=&id=&Isp_Name=1;touch /tmp/2026-1-29&Isp_Type= results in the execution of the touch command on the underlying Linux system with root privileges. This confirms the ability to execute arbitrary code. |
|---|
| स्रोत | ⚠️ https://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE2.md |
|---|
| उपयोगकर्ता | Ruler-Chovy (UID 95098) |
|---|
| सबमिशन | 07/02/2026 11:30 AM (3 महीनों पहले) |
|---|
| संयम | 20/02/2026 09:00 AM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347083 [UTT HiPER 520 1.7.7-160105 Web Management Interface formReleaseConnect sub_44EFB4 Isp_Name अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|