| Título | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow |
|---|
| Descrição | Extended Vulnerability Description
Vulnerability Summary:
A critical stack-based buffer overflow vulnerability has been identified in the UTT Aggressive HiPER 1250GW router, specifically within the /goform/formGroupConfig CGI handler. By manipulating the Profile parameter, a remote attacker can trigger an unbounded strcpy operation, leading to denial of service (device crash/reboot) and potential remote code execution.
Vulnerability Details:
The web management interface at /goform/formGroupConfig handles group configuration settings. User input from the Profile POST parameter is passed unsanitized to a strcpy call that copies data into a fixed-size stack buffer. The vulnerable code path is:
strcpy((char *)(InstPointByIndex + 446), src_1);
Here, src_1 is directly derived from the attacker-controlled Profile parameter, and InstPointByIndex references a structure allocated on the stack. The destination lies at offset +446 within this structure. No bounds checking is performed prior to the copy operation. By supplying an oversized Profile value, an attacker overflows past the intended buffer boundary, corrupting adjacent stack memory—including saved return addresses—and seizing control of program execution flow. |
|---|
| Fonte | ⚠️ https://github.com/luozhibo-sec/cve/blob/main/12.md |
|---|
| Utilizador | luozhibo (UID 97698) |
|---|
| Submissão | 03/05/2026 10h51 (há 1 mês) |
|---|
| Moderação | 26/05/2026 19h49 (23 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 365741 [UTT HiPER 1250GW até 3.2.7-210907-180535 Web Management Interface /goform/formGroupConfig strcpy Perfil Excesso de tampão] |
|---|
| Pontos | 20 |
|---|