Cyber Posture

CVE-2026-2846

HighPublic PoCRCE

Published: 20 February 2026

Published
20 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2846 is a high-severity Command Injection (CWE-77) vulnerability in Utt 520 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation
addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in the web management interface (formPdbUpConfig) directly enables remote exploitation of a public-facing application (T1190) for arbitrary command execution via Unix shell (T1059.004) on the embedded device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can…

more

be initiated remotely. The exploit has been disclosed publicly and may be used.

Deeper analysisAI

CVE-2026-2846 is an OS command injection vulnerability affecting UTT HiPER 520 version 1.7.7-160105. The issue resides in the function sub_44D264 within the file /goform/formPdbUpConfig of the Web Management Interface, where manipulation of the policyNames argument enables command injection. It is classified under CWE-77 and CWE-78, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-20.

An attacker with high privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary OS command execution on the affected device.

Advisories from VulDB (ctiid.347082, id.347082, submit.753964) and a GitHub repository (cha0yang1/UTT520CVE/blob/main/UTTRCE1.md) provide further details, including a publicly disclosed exploit that may be used in attacks.

Details

CWE(s)
CWE-77CWE-78

Affected Products

utt
520 firmware
1.7.7-160105

CVEs Like This One

CVE-2026-2847Same product: Utt 520
CVE-2026-2188Same vendor: Utt
CVE-2026-31059Same vendor: Utt
CVE-2025-13442Same vendor: Utt
CVE-2026-2135Same vendor: Utt
CVE-2026-2080Same vendor: Utt
CVE-2026-2118Same vendor: Utt
CVE-2026-2182Same vendor: Utt
CVE-2026-2175Shared CWE-77, CWE-78
CVE-2026-2210Shared CWE-77, CWE-78

References