UTT HiPER 1250GW Buffer Overflow Vulnerability in Dns Filter Global Configuration

A buffer overflow vulnerability has been identified in the UTT HiPER 1250GW router, affecting firmware versions through 3.2.7-210907-180535. The issue arises in the Parameter Handler component, specifically within the formConfigDnsFilterGlobal API. The vulnerability is triggered by manipulating the GroupName parameter, which is then copied to a buffer using the strcpy function without proper size validation. This oversight creates a buffer overflow condition that can be exploited remotely, potentially leading to a denial-of-service situation.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can disrupt the normal operation of the device, potentially leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a POST request to the /goform/formConfigDnsFilterGlobal endpoint. Include a GroupName parameter with a payload that exceeds the buffer size, such as a long string of characters. The request must be authorized using a Digest authentication scheme.