UTT HiPER 810G Buffer Overflow Vulnerability in NTP Form
Vulnerability
A buffer overflow vulnerability has been identified in the UTT HiPER 810G router, affecting firmware versions through 1.7.7-171114. The vulnerability arises in the NTP form handling, specifically within the strcpy function, where input is copied without proper size validation. This flaw allows for remote exploitation, potentially leading to arbitrary code execution or causing a denial-of-service condition.
Impact
Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption. This type of vulnerability is often exploited to execute arbitrary code or cause a denial-of-service condition by crashing the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/NTP endpoint. The request must include a payload that exceeds the buffer size, specifically in the NTPServerIP field, which can be filled with a large amount of data. The SntpEnable parameter must be set to 'on' to trigger the vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.