UTT Aggressive 512W Buffer Overflow Vulnerability in the Endpoint /goform/formNatStaticMap

A buffer overflow vulnerability has been identified in the UTT Aggressive 512W router, affecting firmware versions through 3.1.7.7-171114. The vulnerability resides in the Endpoint component, specifically within the /goform/formNatStaticMap file. The issue arises because the strcpy function is used to copy the NatBind parameter without proper size validation, allowing for a buffer overflow. This vulnerability can be exploited remotely, without authentication, leading to memory corruption and potential denial-of-service conditions.

Impact

Exploitation of this vulnerability causes a buffer overflow, resulting in memory corruption and a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/formNatStaticMap endpoint. The request must include an oversized NatBind parameter value. When the Action parameter is not set, the router's application will use an unsafe strcpy function to copy the NatBind value into a fixed-size buffer, causing the buffer overflow.