Primary

Context

UTT HiPER 840G Buffer Overflow Vulnerability in API '/goform/setSysAdm'

Vulnerability

A critical buffer overflow vulnerability has been identified in the UTT HiPER 840G router, affecting firmware versions through 3.1.1-190328. The vulnerability arises in the API function '/goform/setSysAdm', where the 'passwd1' parameter can be manipulated to cause a stack overflow. This exploitation leads to a denial-of-service condition. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setSysAdm' endpoint. The request must include a 'passwd1' parameter filled with a large amount of data, which will overflow the buffer by overwriting the 'InstPointByName' memory.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UTT HiPER 840G Buffer Overflow Vulnerability in API '/goform/setSysAdm'

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating