| Title | UTT HiPER 1200GW <=v2.5.3-170306 Buffer Overflow |
|---|
| Description | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability has been discovered in the UTT Aggressive HiPER 1200GW router, specifically within the /goform/formPptpClientConfig CGI handler. A remote attacker can trigger this vulnerability by sending a specially crafted HTTP request, leading to denial of service and potential remote code execution. The flaw stems from an unbounded strcpy call at a fixed stack offset.
Vulnerability Details:
The web management interface exposes /goform/formPptpClientConfig for configuring PPTP client settings. Within this handler, user-supplied input is processed and copied into a stack-based data structure without any length validation. The vulnerable code is:
`strcpy((char *)(InstPointByIndex + 96), src_3);`
The variable src_3 is directly derived from a specific POST parameter (such as a PPTP server address, username, password, or tunnel name field), and InstPointByIndex points to a structure allocated on the stack. The destination buffer starting at offset +96 has a fixed, limited capacity. Because no bounds check is performed prior to the strcpy, an attacker can supply an excessively long string that overflows beyond the intended buffer, corrupting adjacent stack data including saved return addresses, function pointers, and other control-flow metadata. |
|---|
| Source | ⚠️ https://github.com/luozhibo-sec/cve/blob/main/10.md |
|---|
| User | luozhibo (UID 97698) |
|---|
| Submission | 03/05/2026 10:48 AM (1 month ago) |
|---|
| Moderation | 26/05/2026 07:25 PM (23 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 365684 [UTT HiPER 1200GW up to 2.5.3-170306 Web Management Interface formPptpClientConfig PPTP server address/username/password/tunnel name buffer overflow] |
|---|
| Points | 20 |
|---|
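The missing length check described under Vulnerability Details, shown as an added example (not the vendor's firmware code and not part of the submission): a bounded replacement for the `strcpy` into the field at offset +96 that rejects oversized parameters instead of writing past the field. The struct layout, the 64-byte field size, and the names `pptp_inst`, `set_field_checked` and `pptp_set_param` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page states only that the destination starts at
 * offset +96 and has a fixed capacity; the 64-byte size is hypothetical. */
#define PPTP_FIELD_LEN 64
struct pptp_inst {
    char head[96];               /* bytes 0..95 ahead of the field */
    char field[PPTP_FIELD_LEN];  /* destination at offset +96 */
    unsigned int guard;          /* stands in for adjacent stack data */
};

enum { FIELD_OK = 0, FIELD_BAD_ARG = -1, FIELD_TOO_LONG = -2 };

/* Copy a request parameter into a fixed-size field. Oversized input is
 * rejected, not truncated, and nothing is written on failure. */
int set_field_checked(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return FIELD_BAD_ARG;
    /* Look for the terminator within the first dst_len bytes only. */
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL)
        return FIELD_TOO_LONG;   /* value plus NUL does not fit */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return FIELD_OK;
}

/* Handler-side use: validate before the instance structure is modified. */
int pptp_set_param(struct pptp_inst *inst, const char *param)
{
    if (inst == NULL)
        return FIELD_BAD_ARG;
    return set_field_checked(inst->field, sizeof inst->field, param);
}

int main(void)
{
    struct pptp_inst inst = { .guard = 0xA5A5A5A5u };
    char oversized[200];                       /* constructed test input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short value: %d\n", pptp_set_param(&inst, "vpn.example.test"));
    printf("oversized:   %d\n", pptp_set_param(&inst, oversized));
    printf("guard intact: %s\n", inst.guard == 0xA5A5A5A5u ? "yes" : "no");
    return 0;
}
```

Rejecting the request outright, rather than truncating, keeps a stored server address or credential from silently differing from what the administrator submitted.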