CVE-2026-2118 is a remote command injection vulnerability affecting UTT HiPER 810 devices running version 1.7.4-141218. The vulnerability resides in the sub_4407D4 function of the /goform/formReleaseConnect endpoint within the rehttpd component. Specifically, the Isp_Name parameter is improperly sanitized, allowing an attacker to inject and execute arbitrary system commands remotely. The vulnerability requires no user interaction and no authentication, making it highly exploitable over the network. The CVSS 4.0 base score is 8.6, reflecting its high severity due to the ease of exploitation and the potential for full system compromise. The vulnerability impacts confidentiality, integrity, and availability by enabling attackers to execute arbitrary commands, potentially leading to data theft, device manipulation, or denial of service. While no active exploitation has been reported, the public disclosure of exploit details increases the likelihood of attacks. The affected product is typically used in network environments where such devices provide connectivity or routing functions, making them attractive targets for attackers seeking persistent access or disruption capabilities.

The impact of CVE-2026-2118 is significant for organizations deploying UTT HiPER 810 devices, especially in network infrastructure roles. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands with high privileges. This can result in unauthorized data access, manipulation of device configurations, disruption of network services, or pivoting to other internal systems. The vulnerability threatens confidentiality by exposing sensitive information, integrity by allowing unauthorized changes, and availability by enabling denial-of-service conditions. Organizations relying on these devices for critical connectivity or operational technology may face operational disruptions, data breaches, and increased risk of lateral movement by attackers. The remote and unauthenticated nature of the exploit increases the attack surface and urgency for remediation.

To mitigate CVE-2026-2118, organizations should immediately verify if they are running the affected UTT HiPER 810 version 1.7.4-141218 and prioritize upgrading to a patched version once available from the vendor. In the absence of an official patch, network-level mitigations should be implemented, such as restricting access to the /goform/formReleaseConnect endpoint via firewall rules or network segmentation to limit exposure to trusted management networks only. Employ intrusion detection/prevention systems (IDS/IPS) with signatures targeting command injection attempts on this endpoint. Monitor device logs for unusual or unauthorized command execution patterns. Disable or restrict remote management interfaces if not required. Additionally, implement strict input validation and sanitization on the affected parameter if custom firmware or configuration options allow. Regularly audit and update device firmware and maintain an inventory of vulnerable assets to ensure timely response to emerging threats.