Cyber Posture

CVE-2026-2188

HighPublic PoCRCE

Published: 08 February 2026

Published
08 February 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2188 is a high-severity Command Injection (CWE-77) vulnerability in Utt 521G Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation
addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in web form (/goform) of network device enables remote exploitation of public-facing application and Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack…

more

remotely. The exploit has been publicly disclosed and may be utilized.

Deeper analysisAI

CVE-2026-2188 is an OS command injection vulnerability in UTT 进取 521G version 3.1.1-190816. The flaw affects the function sub_446B18 in the file /goform/formPdbUpConfig, where manipulation of the policyNames argument triggers the injection. It is associated with CWEs-77 and CWE-78 and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers possessing high privileges (PR:H). Exploitation requires low attack complexity with no user interaction, potentially granting high impacts on confidentiality, integrity, and availability, including arbitrary command execution on the device.

Advisories and related resources include a publicly disclosed exploit proof-of-concept at https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md, which may be utilized for attacks. Further details are available via VulDB at https://vuldb.com/?ctiid.344891, https://vuldb.com/?id.344891, and https://vuldb.com/?submit.749733; these do not specify patches or mitigations in the provided information.

The CVE was published on 2026-02-08, and the exploit disclosure heightens real-world exploitation risk for unpatched UTT 进取 521G devices.

Details

CWE(s)
CWE-77CWE-78

Affected Products

utt
521g firmware
3.1.1-190816

CVEs Like This One

CVE-2026-2182Same product: Utt 521G
CVE-2026-2847Same vendor: Utt
CVE-2026-2846Same vendor: Utt
CVE-2026-31059Same vendor: Utt
CVE-2025-13442Same vendor: Utt
CVE-2026-2135Same vendor: Utt
CVE-2026-2080Same vendor: Utt
CVE-2026-2118Same vendor: Utt
CVE-2026-2175Shared CWE-77, CWE-78
CVE-2026-2210Shared CWE-77, CWE-78

References