UTT HiPER 1250GW Buffer Overflow Vulnerability in the setSysAdm Function
Vulnerability
A buffer overflow vulnerability has been identified in the UTT HiPER 1250GW router, affecting firmware versions through 3.2.7-210907-180535. The vulnerability arises in the '/goform/setSysAdm' file, where the 'strcpy' function is used to copy the 'GroupName' parameter without proper size validation. This oversight allows for a stack overflow, which can be exploited remotely, potentially leading to a denial-of-service condition.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt the normal operation of the device, likely leading to a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/setSysAdm' endpoint. The request must include a 'GroupName' parameter (referred to as 'passwd1' in the exploit) with a payload that exceeds the buffer size, effectively causing a stack overflow. This can be done using a web browser or a tool like curl, by including the necessary headers for authorization and content type.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.