A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XUtt 810
HWUtt4.0Utt 810 Firmware
OSUtt1.7.4-141218
Related vulnerabilities
Domyślne dane logowania w firmware UTT HiPER 810 — dostęp root przez telnet
A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 ...
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /...
W systemie UTT HiPER 810 w wersji 1.7.4-141218 wykryto podatność. Podatny element to funkcja sub_43F020 w plik...
RCE w UTT HiPER 520W — wykonanie dowolnych poleceń przez /goform/formDia