Vulnerability Title:
- Buffer Overflow Vulnerability in UTT HiPER 810G Router /goform/formFireWall (Denial of Service)

Information:
- Vendor: UTT (AiTai)
- Vendor Website: https://utt.com.cn/
- Affected Product: HiPER 810G
- Affected Firmware Version: <= v3v1.7.7-171114
- Firmware Download: https://utt.com.cn/downloadcenter.php
- Vulnerability Type: Buffer Overflow (unsafe string copy)
- Impact: Device crash, service restart, denial of service (DoS)

Overview:
- A critical buffer overflow vulnerability exists in the UTT HiPER 810G router. The vulnerability can be triggered through the /goform/formFireWall management interface. Due to missing boundary checks, user-controlled input is copied into a fixed-size memory buffer using the unsafe function:
- Because does not validate input length, attackers can supply an overly long parameter value, resulting in memory corruption and denial of service.

Vulnerability Details:
1. API entry point: The following screenshot shows the /goform/formFireWall handler being invoked.
2. Conditional processing of user input: Several parameters are retrieved from the HTTP request and passed through conditional logic before being copied.
3. Vulnerable memory copy operation: The overflow occurs at the following location, where attacker-controlled data is copied without length validation.

Proof of Concept (PoC):
- Sending the following POST request with an excessively long "GroupName" parameter will trigger the buffer overflow.

Device DoS Evidence:
- After sending the request, the device becomes unresponsive or reboots, confirming successful exploitation.

Impact:
- Remote denial of service via management interface
- Memory corruption caused by unsafe usage
- Potential for further exploitation depending on memory layout and protections
- Affects all devices running vulnerable firmware versions

Mitigation Recommendations:
- Firmware / Code Fixes:
  - Replace with bounded alternatives such as snprintf or
  - Enforce strict length validation on all firewall-related parameters
  - Implement input sanitization and character whitelisting
  - Enable compiler protections such as stack canaries and FORTIFY_SOURCE
- Deployment / Operational Mitigations:
  - Restrict access to the router management interface
  - Avoid exposing the admin interface to the public internet
  - Use strong administrative credentials
  - Monitor for abnormal or oversized HTTP POST requests

Responsible Disclosure:
1. Report the vulnerability to UTT with full technical details and PoC.
2. Allow 30-60 days for vendor remediation.
3. Publish an advisory after a patched firmware is released.
4. If the vendor does not respond, consider coordinated disclosure through CERT channels.
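
The firmware/code fixes recommended under Mitigation Recommendations (strict length validation, character whitelisting, a bounded copy such as snprintf), shown as an added example that is not UTT's firmware code. `copy_group_name`, `GROUP_NAME_MAX`, the status enum and the whitelist are hypothetical names and values chosen for illustration; the real buffer size is not given in this advisory.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity: the advisory does not state the firmware's real buffer size. */
#define GROUP_NAME_MAX 32

enum copy_status { COPY_OK, COPY_MISSING, COPY_TOO_LONG, COPY_BAD_CHAR };

/* Conservative whitelist (an assumption): letters, digits, '_' and '-'. */
static int is_allowed_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-';
}

/* Validate, then copy. Oversized input is rejected, never truncated or copied. */
enum copy_status copy_group_name(char *dst, size_t dst_size, const char *value)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return COPY_MISSING;
    dst[0] = '\0';                      /* destination is always a valid string */
    if (value == NULL || value[0] == '\0')
        return COPY_MISSING;

    /* One pass: stop as soon as the value cannot fit with its terminating NUL. */
    for (len = 0; value[len] != '\0'; len++) {
        if (len + 1 >= dst_size)
            return COPY_TOO_LONG;
        if (!is_allowed_char((unsigned char)value[len]))
            return COPY_BAD_CHAR;
    }
    /* Bounded copy: snprintf writes at most dst_size bytes, NUL included. */
    snprintf(dst, dst_size, "%s", value);
    return COPY_OK;
}

int main(void)
{
    char name[GROUP_NAME_MAX];
    char oversized[1024];               /* constructed sample input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", copy_group_name(name, sizeof name, "lan_group-1"));
    printf("oversized: %d\n", copy_group_name(name, sizeof name, oversized));
    printf("bad char:  %d\n", copy_group_name(name, sizeof name, "a;b"));
    return 0;
}
```

Rejecting instead of truncating keeps a clipped group name from being stored, and the handler can map any non-`COPY_OK` status to an HTTP error response.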