| शीर्षक | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| विवरण | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability exists in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formConfigFastDirectionW CGI handler. The vulnerability allows remote attackers to overwrite the stack by manipulating the Profile parameter, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface exposes a CGI endpoint at /goform/formConfigFastDirectionW, which handles fast configuration direction settings. Within this handler, the Profile POST parameter is processed and ultimately passed to an unsafe strcpy() call that copies user input into a stack-located buffer without length validation.
The vulnerable code path:
strcpy((char *)(InstPointByIndex + 40), Var);
Here, Var is directly derived from the attacker-controlled Profile parameter, while InstPointByIndex points to a structure residing on the stack. The destination buffer is at offset +40 within this structure, and no bounds checking is performed before the copy operation. By supplying an excessively long Profile value, an attacker can overflow past the intended buffer boundary, corrupting adjacent stack memory including saved return addresses, function pointers, and other critical control data. |
|---|
| स्रोत | ⚠️ https://github.com/zhouguobing-maker/cve/blob/main/11.md |
|---|
| उपयोगकर्ता | zhouguobing (UID 97697) |
|---|
| सबमिशन | 03/05/2026 10:25 AM (1 महीना पहले) |
|---|
| संयम | 26/05/2026 07:48 PM (23 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365740 [UTT HiPER 1250GW तक 3.2.7-210907-180535 Web Management Interface formConfigFastDirectionW strcpy प्रोफ़ाइल बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|