UTT 进取 518G Buffer Overflow Vulnerability in Remote Control Function
Vulnerability
A buffer overflow vulnerability has been identified in the UTT 进取 518G router, affecting firmware versions through V3v3.2.7-210919-161313. The vulnerability arises in the function sub_4247AC within the file /goform/formRemoteControl. Exploitation involves manipulating the Profile argument, which can be done remotely. This vulnerability could lead to a denial-of-service condition or allow arbitrary command execution.
Impact
Exploitation of this vulnerability causes a buffer overflow, which can disrupt normal service operations or be leveraged to execute arbitrary commands on the device.
Reproduction
The vulnerability can be reproduced by sending a crafted HTTP POST request to the /goform/formRemoteControl endpoint. The request must include a Profile argument that is sufficiently long to overflow the buffer. This can be done using a web browser or a tool like curl, ensuring that the request is authorized with the appropriate Digest authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.