UTT HiPER 810G Buffer Overflow Vulnerability in ConfigExceptMSN Interface Allowing Denial-of-Service

A buffer overflow vulnerability has been identified in the UTT HiPER 810G router, affecting firmware versions through 1.7.7-171114. The issue arises in the ConfigExceptMSN interface, where the strcpy function is used to copy user-supplied data without proper length validation. This flaw allows authenticated attackers to send crafted requests that overflow the buffer, potentially leading to arbitrary code execution or causing the device to crash. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes the router to crash or behave abnormally, leading to a denial-of-service condition. This disruption affects the device's availability and can destabilize the network.

Reproduction

To reproduce this vulnerability, send a POST request to the /goform/ConfigExceptMSN endpoint. Include an excessively long 'remark' parameter value. The request must be authenticated using Digest authorization.

Remediation

Users are advised to upgrade to the latest firmware version provided by UTT. Additionally, implement strict input length validation for all user-supplied parameters and avoid using unsafe functions like strcpy, opting for safer alternatives instead.