| عنوان | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| الوصف | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability exists in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formConfigFastDirectionW CGI handler. The vulnerability allows remote attackers to overwrite the stack by manipulating the Profile parameter, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface exposes a CGI endpoint at /goform/formConfigFastDirectionW, which handles fast configuration direction settings. Within this handler, the Profile POST parameter is processed and ultimately passed to an unsafe strcpy() call that copies user input into a stack-located buffer without length validation.
The vulnerable code path:
strcpy((char *)(InstPointByIndex + 40), Var);
Here, Var is directly derived from the attacker-controlled Profile parameter, while InstPointByIndex points to a structure residing on the stack. The destination buffer is at offset +40 within this structure, and no bounds checking is performed before the copy operation. By supplying an excessively long Profile value, an attacker can overflow past the intended buffer boundary, corrupting adjacent stack memory including saved return addresses, function pointers, and other critical control data. |
|---|
| المصدر | ⚠️ https://github.com/zhouguobing-maker/cve/blob/main/11.md |
|---|
| المستخدم | zhouguobing (UID 97697) |
|---|
| ارسال | 03/05/2026 10:25 AM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 07:48 PM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365740 [UTT HiPER 1250GW حتى 3.2.7-210907-180535 Web Management Interface formConfigFastDirectionW strcpy البروفايل تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|