| tiêu đề | UTT HiPER 520 nv520v3v1.7.7-160105 Command Injection |
|---|
| Mô tả | A critical command injection vulnerability was discovered in the UTT HiPER 520 router with firmware version nv520v3v1.7.7-160105.
The issue is located in the web management interface's component /goform/formPdbUpConfig. The system fails to sanitize the user-supplied input in the policyNames POST parameter before passing it to a system shell command.
An authenticated remote attacker can exploit this by sending a crafted HTTP POST request. For example, injecting shell metacharacters such as a semicolon (;) followed by arbitrary OS commands (e.g., policyNames=AnyValue;whoami) allows for unauthorized command execution with root privileges.
This vulnerability can lead to a full system compromise, allowing attackers to intercept traffic, modify configurations, or maintain persistent access to the network. |
|---|
| Nguồn | ⚠️ https://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE1.md |
|---|
| Người dùng | Ruler-Chovy (UID 95098) |
|---|
| Đệ trình | 07/02/2026 11:20 (cách đây 3 các tháng) |
|---|
| Kiểm duyệt | 20/02/2026 08:59 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 347082 [UTT HiPER 520 1.7.7-160105 Web Management Interface /goform/formPdbUpConfig sub_44D264 policyNames nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|