| tiêu đề | UTT (艾泰) UTT521G NV521Gv2v3.1.1-190816 Command Injection |
|---|
| Mô tả | A critical security vulnerability has been discovered in the web management component of the AiTai (UTT) 521G router. The vulnerability exists in the backend setSysAdm handler. By manipulating the passwd1 parameter under the /goform/setSysAdm path, an attacker can exploit improper input validation to perform command injection. Since the system directly concatenates unfiltered user input into shell commands for execution, a remote attacker can leverage this to execute arbitrary system commands on affected devices, thereby gaining full Root privileges. |
|---|
| Nguồn | ⚠️ https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md |
|---|
| Người dùng | cha0yang (UID 94272) |
|---|
| Đệ trình | 31/01/2026 11:21 (cách đây 3 các tháng) |
|---|
| Kiểm duyệt | 07/02/2026 16:23 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 344885 [UTT 进取 521G 3.1.1-190816 /goform/setSysAdm doSystem passwd1 nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|