UTT 进取 520W Buffer Overflow Vulnerability in ConfigExceptAli

Vulnerability

A buffer overflow vulnerability has been identified in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue is in the handler for the '/goform/ConfigExceptAli' endpoint, which uses 'strcpy' to copy request data into a buffer without validating its length. The vulnerability can be exploited remotely, potentially leading to a denial-of-service condition.

Impact

Exploitation overflows the destination buffer and can disrupt the normal operation of the device, potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/ConfigExceptAli' endpoint. The request must include a payload that exceeds the buffer size, which can be achieved by manipulating the 'remark' parameter with a long string. The 'Action' parameter should be set to 'add' to trigger the vulnerability.
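The fix for this class of bug is to check the length of 'remark' before copying it. The following is an added example, not the vendor's firmware code: the buffer size REMARK_MAX, the struct and both function names are assumptions, since the advisory does not give them.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define REMARK_MAX 32

/* Hypothetical record a form handler might fill from request fields. */
struct except_entry { char remark[REMARK_MAX]; };

/* Pattern the advisory describes, shown for contrast only:
 *     strcpy(e->remark, remark);      (no length check)
 */

/* Bounded copy: returns 0 on success, -1 if the value is missing or does
 * not fit. The destination is left untouched when the value is rejected. */
int set_remark(struct except_entry *e, const char *remark)
{
    const char *end;
    size_t n;
    if (e == NULL || remark == NULL)
        return -1;
    /* Look for the terminator within the buffer size only. */
    end = memchr(remark, '\0', REMARK_MAX);
    if (end == NULL)                 /* too long: no room for the NUL */
        return -1;
    n = (size_t)(end - remark);
    memcpy(e->remark, remark, n);
    e->remark[n] = '\0';
    return 0;
}

/* Hypothetical handler core: accept only Action=add, then validate remark. */
int handle_config_except(struct except_entry *e, const char *action,
                         const char *remark)
{
    if (action == NULL || strcmp(action, "add") != 0)
        return -1;
    return set_remark(e, remark);
}

int main(void)
{
    struct except_entry e = { "" };
    char oversized[256];             /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short: %d\n", handle_config_except(&e, "add", "office printer"));
    printf("oversized: %d\n", handle_config_except(&e, "add", oversized));
    return 0;
}
```

Rejecting the request rather than silently truncating keeps the stored value consistent with what the client sent and gives the web layer a clear error to log.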

Added: Jan 19, 2026, 6:19 AM
Updated: Jan 19, 2026, 6:19 AM