| Title | UTT HiPER 1200GW <=v2.5.3-170306 Buffer Overflow |
|---|
| Description | Vulnerability Summary:
A critical stack-based buffer overflow vulnerability has been discovered in the UTT Aggressive HiPER 1200GW router, specifically within the /goform/formPptpClientConfig CGI handler. A remote attacker can trigger this vulnerability by sending a specially crafted HTTP request, leading to denial of service and potential remote code execution. The flaw stems from an unbounded strcpy call at a fixed stack offset.
Vulnerability Details:
The web management interface exposes /goform/formPptpClientConfig for configuring PPTP client settings. Within this handler, user-supplied input is processed and copied into a stack-based data structure without any length validation. The vulnerable code is:
strcpy((char *)(InstPointByIndex + 96), src_3);
The variable src_3 is directly derived from a specific POST parameter (such as a PPTP server address, username, password, or tunnel name field), and InstPointByIndex points to a structure allocated on the stack. The destination buffer starting at offset +96 has a fixed, limited capacity. Because no bounds check is performed prior to the strcpy, an attacker can supply an excessively long string that overflows beyond the intended buffer, corrupting adjacent stack data including saved return addresses, function pointers, and other control-flow metadata. |
|---|
| Source | ⚠️ https://github.com/luozhibo-sec/cve/blob/main/10.md |
|---|
| User | luozhibo (UID 97698) |
|---|
| Submission | 03.05.2026 10:48 (1 month ago) |
|---|
| Moderation | 26.05.2026 19:25 (23 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 365684 [UTT HiPER 1200GW up to 2.5.3-170306 Web Management Interface formPptpClientConfig PPTP server address/username/password/tunnel name memory corruption] |
|---|
| Points | 20 |
|---|
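
A bounded replacement for the unchecked copy into the field at offset +96 described in the entry, as an added example that is not the vendor's firmware code or the submitter's. The struct layout, the 32-byte capacity, the `guard` neighbour and the names `pptp_inst` and `set_field_checked` are assumptions, since the entry states only the offset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: only the +96 offset comes from the entry; the capacity
 * and the neighbouring field are hypothetical. */
#define FIELD_CAP 32

struct pptp_inst {
    char head[96];          /* data preceding the field (assumed opaque) */
    char field[FIELD_CAP];  /* destination of the copy, at offset +96 */
    unsigned int guard;     /* stands in for adjacent stack data */
};

/* Store src only if it fits including its NUL terminator.
 * Returns 0 on success, -1 on NULL or overlong input (field untouched). */
int set_field_checked(struct pptp_inst *inst, const char *src)
{
    size_t len = 0;
    if (inst == NULL || src == NULL)
        return -1;
    /* Bounded scan: never reads more than FIELD_CAP bytes of src. */
    while (len < FIELD_CAP && src[len] != '\0')
        len++;
    if (len == FIELD_CAP)
        return -1;          /* reject instead of silently truncating */
    memcpy(inst->field, src, len + 1);
    return 0;
}

/* Constructed inputs: a value that fits and an oversized request parameter. */
int demo_overlong_rejected(void)
{
    struct pptp_inst inst;
    char big[512];
    memset(&inst, 0, sizeof inst);
    inst.guard = 0xC0FFEEu;
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int ok = set_field_checked(&inst, "vpn.example.test");
    int bad = set_field_checked(&inst, big);
    /* 1 only if the short value is stored and the neighbour is intact. */
    return ok == 0 && bad == -1 && inst.guard == 0xC0FFEEu
        && strcmp(inst.field, "vpn.example.test") == 0;
}

int main(void)
{
    printf("rejected, neighbour intact: %d\n", demo_overlong_rejected());
    return 0;
}
```

Rejecting the overlong value and returning an error to the HTTP handler keeps the stored configuration consistent, whereas silent truncation would save a server address or credential the user never entered.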