Impact
A critical SQL Injection flaw exists in the gohead/sub_463bbc component of the UTT nv518G firmware. The flaw enables a remote attacker to inject and execute arbitrary SQL commands, which can be leveraged to run arbitrary code on the device. The vulnerability is a classic input validation weakness, allowing an attacker to exploit the underlying database and gain full control over the target system.
Affected Systems
The affected product is the UTT nv518G (nv518GV3v3.2.7-210919-161313). No other vendors or versions are mentioned in the advisory.
Risk and Exploitability
No CVSS score is publicly available, no EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote access to the gohead/sub_463bbc endpoint via unauthenticated web requests. Because the flaw permits arbitrary code execution, the potential impact is severe and should be treated with high urgency.
OpenCVE Enrichment