UTT HiPER 1250GW Buffer Overflow Vulnerability in formTaskEdit_ap
Vulnerability
A buffer overflow vulnerability has been identified in the UTT HiPER 1250GW router, affecting firmware versions through 3.2.7-210907-180535. The flaw is in the use of the strcpy function in the file route/goform/formTaskEdit_ap, where manipulating the Profile parameter triggers the overflow. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/formTaskEdit_ap endpoint. The request must include a crafted Profile parameter that exceeds the buffer size. Because strcpy copies the value without checking its length against the destination buffer, a long string of characters in the Profile parameter overflows the buffer and corrupts memory.
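The unbounded copy described above next to a bounded replacement, as an added example that is not the vendor's firmware code. PROFILE_MAX, struct task_entry and both function names are assumptions, since the advisory gives neither the buffer size nor the handler source.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define PROFILE_MAX 64

/* Hypothetical record that the form handler fills in. */
struct task_entry {
    char profile[PROFILE_MAX];
};

/* The pattern the advisory describes: an unbounded copy of a request
 * parameter. Input of PROFILE_MAX bytes or more writes past the buffer. */
void set_profile_unsafe(struct task_entry *t, const char *profile)
{
    strcpy(t->profile, profile);
}

/* Hardened form: measure within a bound, then reject rather than truncate.
 * Returns 0 on success, -1 if the value is missing or does not fit. */
int set_profile_checked(struct task_entry *t, const char *profile)
{
    const char *end;

    if (t == NULL || profile == NULL)
        return -1;

    /* Look for the terminator inside the first PROFILE_MAX bytes only. */
    end = memchr(profile, '\0', PROFILE_MAX);
    if (end == NULL)
        return -1;              /* too long: no room for the NUL */

    memcpy(t->profile, profile, (size_t)(end - profile) + 1);
    return 0;
}

int main(void)
{
    struct task_entry t = { "" };
    char oversized[4 * PROFILE_MAX];    /* constructed test input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short value:     %d\n", set_profile_checked(&t, "office-ap"));
    printf("oversized value: %d\n", set_profile_checked(&t, oversized));
    return 0;
}
```

Rejecting an over-long value leaves the stored profile unchanged, which avoids silently saving a truncated name.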
