| Titel | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| Beschreibung | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability exists in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formConfigFastDirectionW CGI handler. The vulnerability allows remote attackers to overwrite the stack by manipulating the Profile parameter, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface exposes a CGI endpoint at /goform/formConfigFastDirectionW, which handles fast configuration direction settings. Within this handler, the Profile POST parameter is processed and ultimately passed to an unsafe strcpy() call that copies user input into a stack-located buffer without length validation.
The vulnerable code path:
strcpy((char *)(InstPointByIndex + 40), Var);
Here, Var is directly derived from the attacker-controlled Profile parameter, while InstPointByIndex points to a structure residing on the stack. The destination buffer is at offset +40 within this structure, and no bounds checking is performed before the copy operation. By supplying an excessively long Profile value, an attacker can overflow past the intended buffer boundary, corrupting adjacent stack memory including saved return addresses, function pointers, and other critical control data. |
|---|
| Quelle | ⚠️ https://github.com/zhouguobing-maker/cve/blob/main/11.md |
|---|
| Benutzer | zhouguobing (UID 97697) |
|---|
| Einreichung | 03.05.2026 10:25 (vor 1 Monat) |
|---|
| Moderieren | 26.05.2026 19:48 (23 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 365740 [UTT HiPER 1250GW bis 3.2.7-210907-180535 Web Management Interface formConfigFastDirectionW strcpy Profil Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|