Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 24, 2026

UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection

CVE-2026-2847

Description

A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used.

Affected products

Utt/HiPER 520llm-create
Range: = 1.7.7-160105
UTT/HiPER 520v5
Range: 1.7.7-160105

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE2.mdmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000