Cyber Resilience

CVE-2026-2135

MediumPublic PoC

Published: 08 February 2026

Published
08 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0385 88.8th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-2135 is a medium-severity Injection (CWE-74) vulnerability in Utt 810 Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 11.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2135 is a command injection vulnerability affecting UTT HiPER 810 version 1.7.4-141218. The issue resides in the function sub_43F020 within the file /goform/formPdbUpConfig, where manipulation of the policyNames argument enables command injection. It is associated with CWEs-74 and CWE-77 and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability allows remote exploitation by attackers possessing low privileges. Exploitation requires low complexity and no user interaction, enabling limited impacts on confidentiality, integrity, and availability, such as unauthorized command execution within the context of the affected component.

Advisories documented on VulDB and a GitHub repository detail the vulnerability, noting that the exploit is now public and may be used by attackers. No specific patches or mitigation steps are outlined in the available references.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The…

more

exploit is now public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection vulnerability in web form (/goform/formPdbUpConfig) on network-accessible device enables exploitation of public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2118Same product: Utt 810
CVE-2026-2080Same product: Utt 810
CVE-2026-1162Same product: Utt 810
CVE-2025-70998Same product: Utt 810
CVE-2026-2182Same vendor: Utt
CVE-2025-13442Same vendor: Utt
CVE-2026-31059Same vendor: Utt
CVE-2026-2847Same vendor: Utt
CVE-2026-2846Same vendor: Utt
CVE-2026-2188Same vendor: Utt

Affected Assets

utt
810 firmware
1.7.4-141218

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements input validation mechanisms at the /goform/formPdbUpConfig entry point to block command injection via the policyNames argument.

prevent

Requires identification, reporting, and correction of the specific command injection flaw in sub_43F020 of /goform/formPdbUpConfig.

detect

Enables monitoring of system activities to identify exploitation attempts of the command injection vulnerability through anomalous behavior.

References