Vulnerabilities ›

CVE-2026-2118

High ⚡ Exploit Available

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation

CWE-74 — Weakness Type

                    Published: Feb 8, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.2

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

🤖 AI Executive Summary

CVE-2026-2118 is a command injection vulnerability in UTT HiPER 810 device version 1.7.4-141218 affecting the rehttpd component's formReleaseConnect function. Remote attackers can execute arbitrary commands by manipulating the Isp_Name parameter without authentication.

📄 Description (Arabic)

ثغرة حقن أوامر في جهاز UTT HiPER 810 الإصدار 1.7.4-141218 في مكون rehttpd تسمح بتنفيذ أوامر عشوائية عن بعد. يمكن للمهاجمين استغلال المعامل Isp_Name في دالة formReleaseConnect بدون الحاجة للمصادقة. تم الكشف عن الثغرة علناً مما يزيد من خطورتها.

🤖 ملخص تنفيذي (AI)

This vulnerability allows remote command execution on UTT HiPER 810 networking devices through parameter manipulation in the web interface. The flaw is particularly dangerous as it requires no authentication and has been publicly disclosed.

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 04:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government energy

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1021

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update UTT HiPER 810 devices to the latest firmware version beyond 1.7.4-141218. If updates are unavailable, implement network segmentation to restrict access to the device's web interface, disable remote management features, and monitor for suspicious command execution patterns. Apply WAF rules to block malicious Isp_Name parameter values.

🔧 خطوات المعالجة (العربية)

قم بتحديث أجهزة UTT HiPER 810 فوراً إلى أحدث إصدار من البرامج الثابتة بعد الإصدار 1.7.4-141218. إذا لم تتوفر تحديثات، قم بتطبيق تقسيم الشبكة لتقييد الوصول إلى واجهة الويب للجهاز وتعطيل ميزات الإدارة البعيدة ومراقبة أنماط تنفيذ الأوامر المريبة. طبق قواعد جدار الحماية لحجب قيم معاملات Isp_Name الضارة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.2.2 5.3.1

🔵 SAMA CSF

ID.AM-2 PR.DS-6 DE.CM-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md

cna@vuldb.com

Exploit Third Party Advisory

🔗

https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md#poc

cna@vuldb.com

Exploit Third Party Advisory

🔗

https://vuldb.com/?ctiid.344693

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.344693

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.746802

cna@vuldb.com

Third Party Advisory VDB Entry

📦 Affected Products / CPE 1 entries

utt:810_firmware:1.7.4-141218

📊 CVSS Score

7.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.2

CWECWE-74

EPSS0.40%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-08

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2118

💬 Comments

Introduce Yourself

Sign In Required