UTT 进取 520W Buffer Overflow Vulnerability in formConfigDnsFilterGlobal

A buffer overflow vulnerability has been identified in the UTT Aggressive 520W router, specifically in the firmware version through 1.7.7-180627. The issue arises in the function 'strcpy' within the file '/goform/formConfigDnsFilterGlobal'. An attacker can exploit this vulnerability by manipulating the 'timeRangeName' parameter, leading to uncontrolled memory access. This vulnerability has been publicly disclosed and is known to be exploitable, potentially causing a denial-of-service condition on the device.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition by crashing the device or making it unresponsive.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/formConfigDnsFilterGlobal' with a 'timeRangeName' parameter that contains a payload designed to overflow the buffer. The request must include a valid Digest authorization header.