UTT HiPER 1200GW Stack-Based Buffer Overflow Vulnerability in Firewall Management

A stack-based buffer overflow vulnerability has been identified in the UTT HiPER 1200GW router, affecting firmware versions up to 2.5.3-170306. The vulnerability arises in the 'strcpy' function within the '/goform/formFireWall' endpoint, where user-controlled data is copied to a fixed memory location without proper length validation. This flaw allows for remote exploitation, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formFireWall' endpoint. The request must include a 'destAddr' parameter with a crafted value that exceeds the buffer size, effectively exploiting the lack of bounds checking in the 'strcpy' function. This can be done by manipulating the 'destAddr' field to include excessive data, particularly when the 'destIP' parameter is set to 'ipRange'.