CVE Catalog

CVE-2026-52186

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

SQL Injection vulnerability in UTT nv518G firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component.

Risk Assessment

An attacker can remotely execute arbitrary code on the system, leading to full device compromise, data theft, or network takeover.

Recommendation

Immediately update the firmware to the latest version and apply SQL query filtering in the gohead/sub_463bbc component.

Original NVD description (English source)

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS