CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection

Inserito da Angelo Barbosa | Feb 6, 2026 | CVE

A vulnerability was found in UTT HiPER 810 1.7.4-141218. It has been rated as critical. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection.

This vulnerability is referenced as CVE-2026-2080. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2080 | UTT HiPER 810 1.7.4-141218 /goform/formUser setSysAdm passwd1 command injection

Post correlati

CVE-2024-24749 | GeoServer up to 2.23.4/2.24.2 path traversal (GHSA-jhqx-5v5g-mpf3)

CVE-2023-44252 | Fortinet FortiWAN up to 5.1.2/5.2.1 JWT Token improper authentication (FG-IR-23-061)

CVE-2023-6614 | Typecho 1.2.1 Page /admin/manage-pages.php backdoor

CVE-2025-7684 | Last.fm Recent Album Artwork Plugin up to 1.0.2 on WordPress Setting lastfm_albums_artwork.php cross-site request forgery