UTT 750W Buffer Overflow Vulnerability in FormPictureUrl Processing

Vulnerability

A buffer overflow vulnerability has been identified in the UTT 750W router, specifically in firmware versions through 3.2.2-191225. The issue arises in the file '/goform/formPictureUrl', where the 'importpictureurl' parameter can be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/formPictureUrl' with a carefully crafted 'importpictureurl' parameter. The request must include appropriate headers for authorization and content type. The payload should be designed to overflow the buffer, which can be achieved by exceeding the expected length of the 'importpictureurl' parameter.
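For defenders, the request shape described above can be flagged in captured HTTP traffic or proxy logs. The following is an added example, not part of the original advisory or the vendor's code. The 256-byte threshold, the function names and the sample requests are assumptions, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qsl

TARGET_PATH = "/goform/formPictureUrl"  # endpoint named in the advisory
PARAM = "importpictureurl"              # parameter named in the advisory
MAX_LEN = 256  # assumed threshold: the advisory does not state the buffer size


def inspect_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for an oversized POST to the endpoint, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(request_line) < 2:
        return None  # not a parseable HTTP request line
    method, target = request_line[0], request_line[1]
    path = target.split("?", 1)[0]
    if method.upper() != "POST" or path != TARGET_PATH:
        return None
    # parse_qsl percent-decodes, so the length checked is the decoded value
    # length rather than the on-the-wire length.
    for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if name == PARAM and len(value) > max_len:
            return {"path": path, "param": name, "length": len(value)}
    return None


def _request(method: str, path: str, body: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    data = body.encode()
    head = (f"{method} {path} HTTP/1.1\r\nHost: router.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(data)}\r\n\r\n")
    return head.encode() + data


# Constructed samples; "/goform/other" is a made-up path for the negative case.
SAMPLES = {
    "normal": _request("POST", TARGET_PATH, PARAM + "=http%3A%2F%2Fexample.test%2Fa.png"),
    "oversized": _request("POST", TARGET_PATH, PARAM + "=" + "A" * 600),
    "other_path": _request("POST", "/goform/other", PARAM + "=" + "A" * 600),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```

Tune the threshold to the longest picture URL legitimately used in the environment; a hit on a management interface reachable from untrusted networks is worth triaging first.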

Added: Sep 9, 2025, 11:24 PM
Updated: Sep 9, 2025, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.1
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.