Description
A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
Published: 2026-04-06
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A remote command execution vulnerability exists in the /goform/formReleaseConnect component of the UTT Aggressive 520W. The flaw allows an attacker to inject a crafted string that is executed with the privileges of the device, enabling arbitrary system commands. This is a classic command injection weakness (CWE‑78) that would compromise confidentiality, integrity, and availability of the device and any systems it controls.

Affected Systems

The affected device is the UTT Aggressive 520W, version v3v1.7.7‑180627. No other vendor or product variants are listed, so this specific firmware release is the only known target.

Risk and Exploitability

The vulnerability is high impact because it grants full remote control of the device. No CVSS score or EPSS value is available, but the very nature of a remote code execution exploit indicates a high likelihood of exploitation if the device is exposed to untrusted networks. Attacks would be carried out by sending an HTTP request to the /goform/formReleaseConnect endpoint with a malicious payload. Because the device is a network appliance, there is a real possibility that it could be accessed by attackers on the local or remote network, making remediation urgent. The device does not appear on CISA's Known Exploited Vulnerabilities catalog, but the lack of a patch or workaround further increases the risk.

Generated by OpenCVE AI on April 6, 2026 at 17:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official vendor patch for UTT Aggressive 520W v3v1.7.7‑180627 as soon as it becomes available
  • If no patch is available, block or restrict access to the /goform/formReleaseConnect endpoint using a firewall, ACL, or web‑application gateway
  • Disable the formReleaseConnect function if the device firmware allows disabling this component
  • Monitor system logs and network traffic for unexpected command execution attempts or repeated access to the vulnerable endpoint



Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title: Remote Command Execution via formReleaseConnect in UTT Aggressive 520W
First Time appeared: Utt; Utt 520w
Weaknesses: CWE-20; CWE-78
Vendors & Products: Utt; Utt 520w
Metrics:
  cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description: A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:56:28.177Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31067

Vulnrichment

Updated: 2026-04-06T19:56:10.854Z

NVD

Status: Received

Published: 2026-04-06T15:17:09.313

Modified: 2026-04-06T20:16:23.390

Link: CVE-2026-31067

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:50Z

Weaknesses