UTT HiPER 1250GW: Remotely Exploitable Buffer Overflow Vulnerability in formNatStaticMap
Vulnerability
A buffer overflow vulnerability has been identified in the UTT HiPER 1250GW router, affecting firmware versions through 3.2.7-210907-180535. The vulnerability resides in the formNatStaticMap interface, where the strcpy function is used to copy data from the NatBind parameter without proper length validation. This oversight allows for remote exploitation, leading to a denial-of-service condition on the device.
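The unchecked copy described above, set beside a length-validated form. This is an added example, not the vendor's firmware code: the advisory does not show the handler, so the buffer size `NAT_BIND_MAX`, the `nat_map_req` struct and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define NAT_BIND_MAX 32 /* assumed size; the advisory does not state the real one */

/* Hypothetical parsed request; is_add sits right after the buffer. */
struct nat_map_req {
    char nat_bind[NAT_BIND_MAX];
    int  is_add;
};

/* Pattern the advisory describes: strcpy with no length validation.
 * Kept for comparison only; anything longer than the buffer overruns it. */
void copy_nat_bind_unchecked(struct nat_map_req *req, const char *nat_bind)
{
    strcpy(req->nat_bind, nat_bind);
}

/* Bounded copy that rejects instead of truncating.
 * Returns 0 on success, -1 when the value is missing or does not fit. */
int copy_param_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Look for the terminator within dst_size bytes only. */
    nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return -1; /* value plus terminator would not fit */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Validation runs before the Action value is examined, so no Action
 * value reaches a code path that skips the length check. */
int parse_nat_static_map(struct nat_map_req *req, const char *action,
                         const char *nat_bind)
{
    if (copy_param_checked(req->nat_bind, sizeof req->nat_bind, nat_bind) != 0)
        return -1;
    req->is_add = (action != NULL && strcmp(action, "add") == 0);
    return 0;
}
```

Rejecting an oversized value outright, rather than truncating it, keeps the handler from acting on a partial NatBind value.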
Impact
Exploitation of this vulnerability crashes the device and disrupts the web management service, leaving the device in a denial-of-service state. Further exploitation may also be possible under specific conditions.
Reproduction
To reproduce this vulnerability, send a POST request to the /goform/formNatStaticMap endpoint. Include a crafted NatBind parameter with a payload that exceeds the buffer size, and set the Action parameter to a value other than 'add'. The device will become unresponsive, and the management interface may become inaccessible, confirming the successful exploitation of the vulnerability.
