Description
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
Published: 2026-04-06
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability resides in the /goform/formDia component of UTT Aggressive HiPER 520W and allows an attacker to send a specially crafted string that causes the device to execute arbitrary operating‑system commands. The impact is therefore pronounced: an attacker who succeeds can compromise confidentiality, integrity, and availability of the device and any systems connected to it. The weakness is a classic Command Injection flaw (CWE‑78).

Affected Systems

Devices running UTT Aggressive HiPER 520W firmware version v3v1.7.7-180627 are affected. No other versions are indicated as vulnerable in the current data, but the absence of further disclosure does not guarantee absence of similar issues in other releases.

Risk and Exploitability

The vulnerability is a high‑severity Remote Code Execution flaw that can be exploited remotely over the network using the device’s web interface. While the CVSS score and EPSS probability are not available, the nature of the flaw denotes high risk. The vulnerability is not listed in CISA’s KEV catalog, and the attack vector is inferred to be remote HTTP traffic to /goform/formDia.

Generated by OpenCVE AI on April 6, 2026 at 17:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update issued by UTT that removes the vulnerable /goform/formDia component.
  • If a patch is not yet available, restrict network access to the device or block HTTP traffic to the /goform/formDia endpoint using a firewall or ACL.
  • Verify that the vulnerability has been mitigated by performing a focused test or using a vulnerability scanner against the device.
  • Monitor network traffic for attempts to exercise the vulnerable endpoint and look for execution logs that indicate unauthorized command runs.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia Component |
| First Time appeared | | Utt; Utt hiper 520w |
| Weaknesses | | CWE-78 |
| Vendors & Products | | Utt; Utt hiper 520w |

Mon, 06 Apr 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. |

References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:52:39.144Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31059

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-06T15:17:08.210

Modified: 2026-04-06T15:17:08.210

Link: CVE-2026-31059

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:58Z

Weaknesses