CVE-2026-2080
Published: 07 February 2026
Summary
CVE-2026-2080 is a high-severity Injection (CWE-74) vulnerability in Utt 810 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-2080 is a command injection vulnerability in UTT HiPER 810 version 1.7.4-141218. The issue resides in the setSysAdm function within the /goform/formUser file, where manipulation of the passwd1 argument enables attackers to inject arbitrary commands. This flaw is classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability allows remote exploitation by users with high privileges (PR:H). An attacker who gains access to a privileged account can send a crafted request to the vulnerable endpoint, injecting commands via the passwd1 parameter. Successful exploitation grants high-impact control over confidentiality, integrity, and availability, potentially enabling full system compromise such as executing arbitrary code, escalating privileges further, or disrupting device operations.
Advisories from VulDB and a public GitHub repository detail the vulnerability, including reproduction steps, but no official patches or mitigations are available. The vendor was contacted early regarding the disclosure but provided no response. The exploit code has been publicly released, increasing the risk of active exploitation.
In notable context, the exploit is available on GitHub and may already be in use by attackers targeting exposed UTT HiPER 810 devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5733
Vulnerability details
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has…
more
been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in public web form (/goform/formUser) directly enables remote exploitation of the device web interface (T1190) and arbitrary Unix shell command execution (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks command injection by validating/sanitizing the passwd1 argument before it reaches setSysAdm in /goform/formUser.
Limits the high-privilege accounts (PR:H) that can reach the vulnerable endpoint, reducing the attack surface for remote exploitation.
Disables or restricts the unnecessary formUser/setSysAdm functionality that enables unauthenticated command execution on the device.