Description
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
Published: 2026-04-06
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

A crafted string sent to the /goform/formDia component of the UTT Aggressive HiPER 520W allows an attacker to execute arbitrary system commands, giving the attacker full control over the device. This classic command‑injection flaw (CWE‑77) can compromise confidentiality, integrity, and availability by enabling code execution, data exfiltration, and malicious configuration changes.

Affected Systems

The vulnerability affects the UTT Aggressive HiPER 520W (hardware model 520W) running firmware version 1.7.7‑180627. The affected firmware is identified by the supplied CPE strings and is based on the 3.0 platform variant.

Risk and Exploitability

With a CVSS score of 9.8, the flaw is rated critical. The EPSS score of less than 1% indicates a very low probability of exploitation, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is a network‑based HTTP request to the exposed web interface; an attacker only needs to reach the device’s management port to exploit the flaw, after which arbitrary commands can be executed.

Generated by OpenCVE AI on April 8, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the UTT Aggressive HiPER 520W firmware to a version that removes the vulnerable /goform/formDia handler.
  • If no patch is available, restrict network access to the device’s web interface using firewall rules or VPNs to limit exposure.
  • Regularly check the vendor’s support site for new releases or security advisories.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Remote Command Execution via /goform/formDia in UTT Aggressive HiPER 520W

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia Component
Weaknesses CWE-78

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Utt 520w
Utt 520w Firmware
Weaknesses CWE-77
CPEs cpe:2.3:h:utt:520w:3.0:*:*:*:*:*:*:*
cpe:2.3:o:utt:520w_firmware:1.7.7-180627:*:*:*:*:*:*:*
Vendors & Products Utt 520w
Utt 520w Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia Component
First Time appeared Utt
Utt hiper 520w
Weaknesses CWE-78
Vendors & Products Utt
Utt hiper 520w

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-09T20:28:11.231Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31059

Vulnrichment

Updated: 2026-04-09T17:54:36.849Z

NVD

Status: Modified

Published: 2026-04-06T15:17:08.210

Modified: 2026-04-09T21:16:08.773

Link: CVE-2026-31059

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:29:09Z

Weaknesses