UTT HiPER 810 Buffer Overflow Vulnerability in setSysAdm Function
Vulnerability
A buffer overflow vulnerability has been identified in the UTT HiPER 810 router, specifically in the 1.7.4-141218 firmware version. The issue arises in the setSysAdm function, where the strcpy function is used to copy the passwd1 parameter without proper boundary checks. This flaw allows for remote exploitation, leading to a denial-of-service condition by causing an infinite login prompt loop. Additionally, according to VulDB, this vulnerability could potentially be exploited for arbitrary code execution.
Impact
Exploitation of this vulnerability causes a denial-of-service condition by disrupting normal authentication processes, leading to an infinite login prompt loop. However, this vulnerability could also be exploited for arbitrary code execution.
Reproduction
To reproduce this vulnerability, send a POST request to the /goform/formUser endpoint. Include the usernameold and username parameters set to 'admin', and the passwd1 parameter filled with a long string to overflow the buffer. The request must be authorized using Digest authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.