| Title | UTT (AiTai) Jinqi 750W <=v5v3.2.2-191225 Buffer Overflow |
|---|---|
| Description | An unauthenticated or authenticated attacker (depending on device access and auth configuration) can craft a malicious POST request to /goform/formPdbUpConfig with a specially crafted policyNames parameter. The parameter is processed without proper validation and is ultimately used in a formatted system call (e.g. doSystem("xx%s", Var);), which can cause a buffer overflow and/or command execution, resulting in a device crash (DoS) or possible remote code execution under certain conditions.<br><br>The /goform/formPdbUpConfig endpoint accepts a policyNames parameter. When policyNames is not All and is not empty, the request is routed into a subroutine (identified in analysis as sub_447588) which performs additional processing. Within this path, the application constructs or forwards strings into a system-level call using a formatted string that incorporates the unvalidated policyNames value.<br><br>This dangerous usage (for example doSystem("xx%s", Var);) means that user-controlled input can influence the format string or the command executed by the shell. If the input exceeds expected length limits, a buffer overflow can occur. If shell interpretation is involved (string passed to system() or shell-piping utilities), classic command injection becomes possible. |
| Source | ⚠️ https://github.com/alc9700jmo/CVE/issues/20 |
| User | alc9700 (UID 79368) |
| Submission | 2025-11-04 12:25 (6 months ago) |
| Moderation | 2025-11-19 20:09 (15 days later) |
| Status | Accepted |
| VulDB entry | 333015 [UTT 进取 750W up to 3.2.2-191225 /goform/formPdbUpConfig system policyNames privilege escalation] |
| Points | 20 |
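
The description attributes the issue to an unvalidated `policyNames` value reaching a `doSystem("xx%s", Var);` style call. The following is an added example, not code from the report or from the vendor firmware, showing the kind of check that call lacks: an allowlist and length limit on the value, plus a bounded format that fails instead of truncating. The function names, the 31-character limit and the allowed character set are assumptions; `"xx%s"` is the placeholder format quoted in the description.

```c
#include <stdio.h>
#include <string.h>

#define POLICY_NAME_MAX 31   /* assumed limit; the report states none */

/* Accept only a short name made of [A-Za-z0-9_-]. Shell metacharacters,
 * whitespace, empty and oversize input are all rejected. */
static int policy_name_is_safe(const char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > POLICY_NAME_MAX)
        return 0;
    return strspn(name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "abcdefghijklmnopqrstuvwxyz"
                        "0123456789_-") == len;
}

/* Build "xx<name>" into out. Returns 0 on success, -1 if the name is
 * rejected or the result would not fit; out is left empty on failure. */
static int build_policy_cmd(char *out, size_t outsz, const char *name)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (!policy_name_is_safe(name))
        return -1;
    n = snprintf(out, outsz, "xx%s", name);
    if (n < 0 || (size_t)n >= outsz) {   /* would have been truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the report. */
    const char *samples[] = { "policy_01", "a;b", "" };
    char cmd[64];

    for (size_t i = 0; i < 3; i++)
        printf("%-10s -> %s\n", samples[i],
               build_policy_cmd(cmd, sizeof cmd, samples[i]) == 0 ? cmd : "rejected");
    return 0;
}
```

Validation of this kind limits what reaches the shell; passing the value as a separate argument to an exec-style call, with no shell involved, removes the interpretation step altogether.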