| 제목 | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| 설명 | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability exists in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formConfigFastDirectionW CGI handler. The vulnerability allows remote attackers to overwrite the stack by manipulating the Profile parameter, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface exposes a CGI endpoint at /goform/formConfigFastDirectionW, which handles fast configuration direction settings. Within this handler, the Profile POST parameter is processed and ultimately passed to an unsafe strcpy() call that copies user input into a stack-located buffer without length validation.
The vulnerable code path:
strcpy((char *)(InstPointByIndex + 40), Var);
Here, Var is directly derived from the attacker-controlled Profile parameter, while InstPointByIndex points to a structure residing on the stack. The destination buffer is at offset +40 within this structure, and no bounds checking is performed before the copy operation. By supplying an excessively long Profile value, an attacker can overflow past the intended buffer boundary, corrupting adjacent stack memory including saved return addresses, function pointers, and other critical control data. |
|---|
| 원천 | ⚠️ https://github.com/zhouguobing-maker/cve/blob/main/11.md |
|---|
| 사용자 | zhouguobing (UID 97697) |
|---|
| 제출 | 2026. 05. 03. AM 10:25 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 26. PM 07:48 (23 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 365740 [UTT HiPER 1250GW 까지 3.2.7-210907-180535 Web Management Interface formConfigFastDirectionW strcpy 프로필 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|