Primary

Context

UTT Aggressive 520W Remote Command Execution Vulnerability

Vulnerability

A remote command execution vulnerability has been identified in the UTT Aggressive 520W router, specifically in versions through v3v1.7.7-180627. The vulnerability resides in the '/goform/formReleaseConnect' component, where attackers can execute arbitrary commands by sending a crafted string. The exploitation involves manipulating the 'Isp_Name' parameter, which, if not empty, triggers the execution of commands via a system function.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/formReleaseConnect' with a crafted 'Isp_Name' parameter. The value should include a command, such as 'ls', which will be executed on the router. Ensure that the request includes the necessary headers for authorization and content type.

Added: Apr 6, 2026, 3:29 PM

Updated: Apr 6, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UTT Aggressive 520W Remote Command Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating