CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection

Inserito da Angelo Barbosa | Feb 6, 2026 | CVE

A vulnerability was found in UTT HiPER 810 1.7.4-141218. It has been rated as critical. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection.

This vulnerability is referenced as CVE-2026-2080. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection

Post correlati

CVE-2024-45258 | req Package up to 3.43.3 on Go URL cleanHost missing initialization

CVE-2025-9588 | Iron Mountain Archiving Services enVision prior 250563 os command injection

CVE-2024-5492 | Citrix NetScaler ADC/NetScaler Gateway redirect (CTX677944)

CVE-2025-41748 | Phoenix Contact K1 up to 3.49 pxc_Dot1xCfg.php cross site scripting (VDE-2025-071)