CVE-2026-2080

7.2 HIGH

📋 TL;DR

A command injection in the setSysAdm function of the UTT HiPER 810 web interface lets remote attackers execute arbitrary OS commands on the router by placing shell metacharacters in the password parameter. Exploitation is reported to require no authentication and yields full control of the device. Every device running firmware 1.7.4-141218 is affected.

💻 Affected Systems

Products:
  • UTT HiPER 810
Versions: 1.7.4-141218
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Every device running this firmware version is vulnerable in its default configuration; no special configuration is required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router leading to network takeover, interception of all traffic passing through it, lateral movement to internal systems, and installation of a persistent backdoor in the firmware.

🟠 Likely Case

Router compromise allowing traffic monitoring, credential theft from intercepted sessions, and use of the device as a pivot point for attacks on the internal network.

🟢 If Mitigated

Limited impact if the management interface is reachable only from a trusted administrator network, though any attacker who already has a foothold on that network can still exploit the device.

🌐 Internet-Facing: HIGH - Exploitation is remote, so devices with the web interface exposed to the internet are immediate targets.
🏢 Internal Only: HIGH - Any host that can reach the router's management interface can exploit it, so internal-only exposure is not a mitigation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists in a GitHub repository. The exploit is a single command injection through the password parameter of setSysAdm and is reported to need no authentication. One caveat: a CVSS base score of 7.2 is the value produced by a network-reachable, low-complexity, full-impact vector that requires high privileges (an administrator session), so confirm the unauthenticated claim against the public PoC before relying on it in a risk assessment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available and the vendor did not respond to disclosure. Apply the workarounds below or replace the device.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate HiPER 810 routers in a separate management VLAN with strict access controls, so that only administrator hosts can reach the web interface.

Access Restriction (Linux firewall upstream of the router)

Block access to the router's management interface from anywhere except the administrator network. The router's own firewall cannot be scripted this way, so these rules belong on a Linux gateway in front of it: they filter the FORWARD chain (traffic passing through the gateway, not traffic addressed to it), cover both HTTP and HTTPS, and are inserted at the top of the chain so an existing blanket ACCEPT cannot shadow the DROP. Replace 192.0.2.1 with the router's address and 10.0.0.0/24 with the administrator network.

iptables -I FORWARD 1 -d 192.0.2.1 -p tcp -m multiport --dports 80,443 -s 10.0.0.0/24 -j ACCEPT
iptables -I FORWARD 2 -d 192.0.2.1 -p tcp -m multiport --dports 80,443 -j DROP

🧯 If You Can't Patch

  • Replace affected routers with supported models from different vendors
  • Implement strict network monitoring for unusual router traffic or configuration changes

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under System > System Info. If it reads 1.7.4-141218, the device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getSysInfo | grep -i version

Verify Fix Applied:

No fix is available to verify. Verify the workaround instead: from a host outside the administrator network, confirm that TCP ports 80 and 443 on the router's address are unreachable, and from an administrator host confirm that they still are.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /goform/formUser whose parameters contain shell metacharacters (; & | ` $ ( )), including their URL-encoded forms (%3B, %26, %7C, %60, %24, %28, %29), which a check on the undecoded body will miss
  • System log entries showing unexpected command execution or new processes on the router

Network Indicators:

  • Outbound connections from router to unusual destinations
  • Sudden changes in router configuration

SIEM Query:

source="router_logs" AND uri="/goform/formUser" AND (param="passwd1" AND value MATCHES "[;&|`$()]+")
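The indicators above can also be checked offline against exported request logs. The following is an added example (not code from the advisory, the vendor, or the public PoC) that applies the metacharacter check to a constructed sample log. The one-request-per-line log format, the /goform/ prefix filter and the client addresses are assumptions made for the example. Unlike the query above, it URL-decodes each form value before matching, so percent-encoded metacharacters (%60 for a backtick, %3B for a semicolon) are caught; it also shows the false-positive class a real password containing $ produces, so the parameter name and decoded value are included in each alert for triage.

```python
import re
from urllib.parse import unquote_plus

# Shell metacharacters that have no business in a password handed to a system
# command. Newline is included because it also terminates a shell command.
META = re.compile(r"[;&|`$()\n]")

# Constructed sample log (not real device output), one request per line:
#   <timestamp> <client-ip> <method> <uri> <url-encoded form body, or "-">
# The format is an assumption for this example; real HiPER 810 logs will
# differ, so adapt parse_line() to what your device or reverse proxy emits.
SAMPLE_LOG = """\
2026-01-15T10:02:11Z 10.0.0.5 POST /goform/formUser username=admin&passwd1=Secret123&passwd2=Secret123
2026-01-15T10:02:19Z 203.0.113.9 POST /goform/formUser username=admin&passwd1=x;id&passwd2=x
2026-01-15T10:02:25Z 203.0.113.9 POST /goform/formUser username=admin&passwd1=x%60id%60&passwd2=x
2026-01-15T10:03:02Z 10.0.0.5 GET /goform/getSysInfo -
2026-01-15T10:03:40Z 10.0.0.7 POST /goform/formUser username=admin&passwd1=Pa%24%24word&passwd2=Pa%24%24word
"""


def parse_line(line):
    """Split one log line into its five fields."""
    ts, client, method, uri, body = line.split(" ", 4)
    return {"ts": ts, "client": client, "method": method, "uri": uri, "body": body}


def form_fields(body):
    """Decode a URL-encoded form body into (name, value) pairs.

    Pairs are split on '&' only. Do not treat ';' as a pair separator (older
    urllib.parse.parse_qsl did): ';' is exactly the character an injection
    relies on, and splitting on it would hide the payload from the check.
    """
    fields = []
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        fields.append((unquote_plus(name), unquote_plus(value)))
    return fields


def raw_suspicious_fields(body):
    """The same check on undecoded values; kept to show what skipping decoding misses."""
    return [pair for pair in body.split("&") if META.search(pair.partition("=")[2])]


def suspicious_fields(body):
    """Return the decoded (name, value) pairs whose value contains a metacharacter."""
    return [(name, value) for name, value in form_fields(body) if META.search(value)]


def scan(log_text, uri_prefix="/goform/"):
    """Return one alert per POST to the management interface that carries a suspicious field."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["method"] != "POST" or not rec["uri"].startswith(uri_prefix):
            continue
        hits = suspicious_fields(rec["body"])
        if hits:
            alerts.append({"ts": rec["ts"], "client": rec["client"],
                           "uri": rec["uri"], "fields": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        for name, value in alert["fields"]:
            print(f"{alert['ts']} {alert['client']} {alert['uri']} {name}={value!r}")
```

Running the block reports three requests: the two from 203.0.113.9 (a literal `;` and a percent-encoded backtick) and the one from 10.0.0.7, where a legitimate password containing `$` trips the same rule. That last case is why the alert carries the decoded value: an analyst can dismiss it in seconds, while the first two warrant pulling the router's process list and configuration immediately.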
