CVE-2026-2080
Published: 07 February 2026
Summary
CVE-2026-2080 is a high-severity Injection (CWE-74) vulnerability in Utt 810 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in public web form (/goform/formUser) directly enables remote exploitation of the device web interface (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has…
more
been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-2080 is a command injection vulnerability in UTT HiPER 810 version 1.7.4-141218. The issue resides in the setSysAdm function within the /goform/formUser file, where manipulation of the passwd1 argument enables attackers to inject arbitrary commands. This flaw is classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability allows remote exploitation by users with high privileges (PR:H). An attacker who gains access to a privileged account can send a crafted request to the vulnerable endpoint, injecting commands via the passwd1 parameter. Successful exploitation grants high-impact control over confidentiality, integrity, and availability, potentially enabling full system compromise such as executing arbitrary code, escalating privileges further, or disrupting device operations.
Advisories from VulDB and a public GitHub repository detail the vulnerability, including reproduction steps, but no official patches or mitigations are available. The vendor was contacted early regarding the disclosure but provided no response. The exploit code has been publicly released, increasing the risk of active exploitation.
In notable context, the exploit is available on GitHub and may already be in use by attackers targeting exposed UTT HiPER 810 devices.
Details
- CWE(s)