CVE-2026-2118: Command Injection in UTT HiPER 810
A vulnerability was found in UTT HiPER 810 1.7.4-141218. The affected element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Manipulating the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
AI Analysis
Technical Summary
CVE-2026-2118 is a command injection vulnerability identified in UTT HiPER 810 firmware version 1.7.4-141218. The vulnerability resides in the function sub_4407D4 of the /goform/formReleaseConnect endpoint within the rehttpd component. Specifically, the vulnerability arises from improper sanitization of the Isp_Name parameter, which an attacker can manipulate to inject and execute arbitrary system commands remotely. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it highly accessible to attackers. The CVSS 4.0 score is 8.6, reflecting its high severity due to network attack vector, low attack complexity, and no privileges or user interaction needed. Exploitation could allow attackers to gain control over the device, execute arbitrary commands, disrupt services, or pivot within a network. Although no active exploits have been reported in the wild, the public disclosure of exploit details increases the likelihood of exploitation attempts. The affected product, UTT HiPER 810, is used primarily in telecommunications and networking environments, where device compromise could lead to significant operational disruptions and data breaches. The vulnerability impacts confidentiality, integrity, and availability, as attackers can execute arbitrary commands that may lead to data exfiltration, system manipulation, or denial of service.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for telecommunications providers, ISPs, and enterprises relying on UTT HiPER 810 devices. Successful exploitation could lead to unauthorized command execution, resulting in potential data breaches, service outages, or lateral movement within corporate networks. The compromise of network infrastructure devices can disrupt critical communications and services, impacting business continuity and regulatory compliance, particularly under GDPR and NIS Directive requirements. Given the remote exploitability without authentication, attackers can target exposed devices over the internet or internal networks, increasing the attack surface. The public availability of exploit details further elevates the threat level, potentially leading to targeted attacks against European telecom infrastructure and enterprises using this product. Disruption or compromise of these devices could have cascading effects on dependent services and customers, amplifying the operational and reputational damage.
Mitigation Recommendations
- Organizations should immediately verify if they are running UTT HiPER 810 version 1.7.4-141218 and prioritize patching to the latest firmware version provided by UTT that addresses this vulnerability.
- If patches are not yet available, implement network-level controls such as firewall rules to restrict access to the /goform/formReleaseConnect endpoint, limiting it to trusted management networks only.
- Employ intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics to detect command injection attempts targeting the Isp_Name parameter.
- Conduct thorough network scans to identify exposed devices and isolate them until mitigated.
- Regularly audit device configurations and logs for anomalous commands or access patterns.
- Additionally, segment critical network infrastructure to reduce the impact of a compromised device and enforce strict access controls.
- Engage with UTT support channels for updates and guidance.
- Finally, incorporate this vulnerability into incident response plans to ensure rapid containment if exploitation is detected.
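The log-audit and IDS heuristic recommended above can be sketched as follows. This is an added example, not code from UTT or from this advisory's source: the log line layout and the sample entries are constructed, and it assumes Isp_Name may arrive either in the query string or in a URL-encoded form body.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/formReleaseConnect"  # endpoint named in the advisory
PARAM = "Isp_Name"                       # parameter named in the advisory
# Characters a shell treats specially; an ISP label has no need for them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")
# Assumed (constructed) log layout: client IP, request line, form body or "-".
LINE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<body>\S+)$'
)

def suspicious_isp_name(line):
    """Return {'ip', 'value'} if the line carries shell metacharacters in Isp_Name."""
    m = LINE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != ENDPOINT:
        return None
    # parse_qs percent-decodes, so encoded metacharacters are also caught.
    fields = parse_qs(parts.query, keep_blank_values=True)
    if m["body"] != "-":
        for key, values in parse_qs(m["body"], keep_blank_values=True).items():
            fields.setdefault(key, []).extend(values)
    for value in fields.get(PARAM, []):
        if SHELL_META.search(value):
            return {"ip": m["ip"], "value": value}
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(suspicious_isp_name, lines) if hit]

# Constructed sample log (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 "POST /goform/formReleaseConnect HTTP/1.1" Isp_Name=Telecom1',
    '198.51.100.7 "POST /goform/formReleaseConnect HTTP/1.1" Isp_Name=Telecom1%3Bid',
    '198.51.100.7 "GET /goform/formReleaseConnect?Isp_Name=%24%28id%29 HTTP/1.1" -',
    '192.0.2.10 "GET /index.asp?Isp_Name=a%7Cb HTTP/1.1" -',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"ALERT {hit['ip']} Isp_Name={hit['value']!r}")
```

Any request to this endpoint from outside the management network is worth alerting on by itself; the metacharacter check only ranks which of those requests to triage first.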
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-06T14:44:52.536Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69884451f9fa50a62f927d90
Added to database: 2/8/2026, 8:07:45 AM
Last enriched: 2/8/2026, 8:08:01 AM
Last updated: 2/8/2026, 10:29:08 AM