{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31059", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T14:52:39.144Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:52:39.144Z"}, "descriptions": [{"lang": "en", "value": "A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/zxq0408/Vul202601/blob/main/9.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string."}], "id": "CVE-2026-31059", "lastModified": "2026-04-06T15:17:08.210", "metrics": {}, "published": "2026-04-06T15:17:08.210", "references": [{"source": "cve@mitre.org", "url": "https://github.com/zxq0408/Vul202601/blob/main/9.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "v3v1.7.7-180627"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "hiper_520w", "vendor": "utt"}], "analysis": {"en": {"generated_at": "2026-04-06T17:28:30.524628+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update issued by UTT that removes the vulnerable /goform/formDia component.", "If a patch is not yet available, restrict network access to the device or block HTTP traffic to the /goform/formDia endpoint using a firewall or ACL.", "Verify that the vulnerability has been mitigated by performing a focused test or using a vulnerability scanner against the device.", "Monitor network traffic for attempts to exercise the vulnerable endpoint and look for execution logs that indicate unauthorized command runs."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Devices running UTT Aggressive HiPER 520W firmware version 3. v1.7.7-180627 are affected. No other versions are indicated as vulnerable in the current data, but the absence of further disclosure does not guarantee absence of similar issues in other releases.", "description_and_impact": "This vulnerability resides in the /goform/formDia component of UTT Aggressive HiPER 520W and allows an attacker to send a specially crafted string that causes the device to execute arbitrary operating\u2011system commands. The impact is therefore pronounced: an attacker who succeeds can compromise confidentiality, integrity, and availability of the device and any systems connected to it. The weakness is a classic Command Injection flaw (CWE\u201178).", "risk_and_exploitability": "The vulnerability is a high\u2011severity Remote Code Execution flaw that can be exploited remotely over the network using the device\u2019s web interface. While the CVSS score and EPSS probability are not available, the nature of the flaw denotes high risk. The vulnerability is not listed in CISA\u2019s KEV catalog, and the attack vector is inferred to be remote HTTP traffic to /goform/formDia."}}}}, "created": "2026-04-06T20:22:07.267587+00:00", "title": "Remote Command Execution in UTT Aggressive HiPER 520W /goform/formDia Component", "updated": "2026-04-06T21:47:58.008535+00:00", "vendors": ["utt", "utt$PRODUCT$hiper_520w"], "weaknesses": ["CWE-78"]}