UTT Aggressive HiPER 520W Remote Command Execution Vulnerability
Vulnerability
A remote command execution vulnerability has been identified in the UTT Aggressive HiPER 520W router, in versions through v3v1.7.7-180627. The vulnerability resides in the /goform/formDia component: an attacker who sends a crafted string in the 'dialstr' parameter can inject commands, which are then executed on the device.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the affected router.
Reproduction
To reproduce this vulnerability, send a POST request to the /goform/formDia endpoint. Include a crafted 'dialstr' parameter with the desired command injection. The request must be authorized using Digest authentication with valid credentials.
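For detection, the request shape described above can be checked in captured traffic. The following Python triage check is an added example, not part of the original advisory or of any vendor code. The function name inspect_request, the character allowlist for dial strings and the sample requests are assumptions constructed for illustration; the advisory does not specify what the crafted string looks like.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formDia"  # endpoint named in the advisory
# Assumption: legitimate dial strings use only these characters.
DIAL_ALLOWED = re.compile(r"[0-9A-Za-z*#+,]*")

def inspect_request(raw):
    """Classify one raw HTTP request (request line, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    result = {"relevant": False, "digest_auth": False,
              "suspicious": False, "bad_values": []}
    if len(parts) < 2:
        return result
    url = urlsplit(parts[1])
    if parts[0].upper() != "POST" or url.path != TARGET_PATH:
        return result
    result["relevant"] = True
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            # Only the scheme is visible here; credential validity is not.
            result["digest_auth"] = value.strip().lower().startswith("digest ")
    # parse_qs percent-decodes, so encoded characters are checked decoded.
    values = []
    for source in (url.query, body.strip()):
        values += parse_qs(source, keep_blank_values=True).get("dialstr", [])
    result["bad_values"] = [v for v in values if not DIAL_ALLOWED.fullmatch(v)]
    result["suspicious"] = bool(result["bad_values"])
    return result

# Constructed sample requests (not captured traffic).
BENIGN = ("POST /goform/formDia HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          "Authorization: Digest username=\"admin\", response=\"PLACEHOLDER\"\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          "dialstr=*99%23")
SUSPECT = BENIGN.replace("dialstr=*99%23", "dialstr=*99%23%3Bexample")
OTHER = "GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspect", SUSPECT), ("other", OTHER)):
        print(name, inspect_request(req))
```

A flagged request that also carries a Digest Authorization header points to a client that holds, or is trying, management credentials, so credential rotation belongs in the response alongside blocking the request.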
