| शीर्षक | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| विवरण | Extended Vulnerability Description
Vulnerability Summary:
A critical stack-based buffer overflow vulnerability has been identified in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formGroupConfig CGI handler. By manipulating the Profile parameter, a remote attacker can trigger an unbounded strcpy operation, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface at /goform/formGroupConfig handles group configuration settings. User input from the Profile POST parameter is passed unsanitized to a strcpy call that copies data into a fixed-size stack buffer. The vulnerable code path is:
strcpy((char *)(InstPointByIndex + 446), src_1);
Here, src_1 is directly derived from the attacker-controlled Profile parameter, and InstPointByIndex references a structure allocated on the stack. The destination lies at offset +446 within this structure. No bounds checking is performed prior to the copy operation. By supplying an oversized Profile value, an attacker overflows past the intended buffer boundary, corrupting adjacent stack memory—including saved return addresses—and seizing control of program execution flow. |
|---|
| स्रोत | ⚠️ https://github.com/luozhibo-sec/cve/blob/main/12.md |
|---|
| उपयोगकर्ता | luozhibo (UID 97698) |
|---|
| सबमिशन | 03/05/2026 10:51 AM (1 महीना पहले) |
|---|
| संयम | 26/05/2026 07:49 PM (23 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365741 [UTT HiPER 1250GW तक 3.2.7-210907-180535 Web Management Interface /goform/formGroupConfig strcpy प्रोफ़ाइल बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|