UTT HiPER 810G Buffer Overflow Vulnerability in ConfigExceptAli Function

A critical buffer overflow vulnerability has been identified in the UTT HiPER 810G router, specifically in the firmware version 1.7.7-171114. The vulnerability arises in the ConfigExceptAli function, where improper input handling in the strcpy function creates the potential for buffer overflow. This issue can be exploited remotely, leading to buffer overflow attacks and possible denial-of-service conditions.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/ConfigExceptAli endpoint. The request must include a long string in the indexIDNew parameter, which will overflow the buffer by exceeding its capacity. This can be done by manipulating the Action parameter to trigger the vulnerable strcpy function without proper input validation.