UTT 进取 520W Buffer Overflow Vulnerability in AP Security Form

A buffer overflow vulnerability has been identified in the UTT 进取 520W router, specifically in the firmware version 1.7.7-180627. The issue arises in the '/goform/APSecurity' file, where the 'strcpy' function is used to copy the 'wepkey1' argument without proper size validation. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/APSecurity' endpoint. The request must include a 'wepkey1' parameter with a value that exceeds the buffer size, effectively causing a buffer overflow. This can be done by manipulating the 'security_mode' parameter to 'OPEN', 'SHARED', or 'WEPAUTO', which triggers the vulnerable 'strcpy' function.