Description
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
Published: 2026-07-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A critical SQL Injection flaw exists in the gohead/sub_463bbc component of the UTT nv518G firmware. The flaw enables a remote attacker to inject and execute arbitrary SQL commands, which can be leveraged to run arbitrary code on the device. The vulnerability is a classic input validation weakness, allowing an attacker to exploit the underlying database and gain full control over the target system.

Affected Systems

The affected product is the UTT nv518G (nv518GV3v3.2.7-210919-161313). No other vendors or versions are mentioned in the advisory.

Risk and Exploitability

No CVSS score is publicly available, no EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote access to the gohead/sub_463bbc endpoint via unauthenticated web requests. Because the flaw permits arbitrary code execution, the potential impact is severe and should be treated with high urgency.

Generated by OpenCVE AI on July 2, 2026 at 04:00 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify and apply any vendor-released patch for the affected UTT nv518G firmware version 3.2.7-210919-161313.
  • Restrict network access to the gohead/sub_463bbc endpoint to trusted IP ranges or disable it if it is not required.
  • Implement input validation or a Web Application Firewall rule set that blocks anomalous SQL injection patterns targeting the gohead/sub_463bbc component.
  • Monitor database and web application logs for signs of SQL injection attempts and coordinate with incident response if suspicious activity is detected.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 04:30:00 +0000

Type | Values Removed | Values Added
Title | | Remote SQL Injection Exploitation in UTT nv518G Leading to Arbitrary Code Execution
Weaknesses | | CWE-89

Thu, 02 Jul 2026 03:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Utt; Utt nv518g
Vendors & Products | | Utt; Utt nv518g

Wed, 01 Jul 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-01T21:42:58.190Z

Reserved: 2026-06-08T00:00:00.000Z

Link: CVE-2026-52186

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T04:15:04Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')