CVE Catalog
CVE-2026-52186
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.27%
18th percentile — higher than 18% of all known CVEs
Summary
SQL Injection vulnerability in UTT nv518G firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component.
Risk Assessment
An attacker can remotely execute arbitrary code on the system, leading to full device compromise, data theft, or network takeover.
Recommendation
Immediately update the firmware to the latest version and apply SQL query filtering in the gohead/sub_463bbc component.
Original NVD description (English source)
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

