Key information

Information

Vendor of the products: UTT
Vendor's website: UTT艾泰 - professional router, switch and firewall brand
Affected products: HiPER 810G
Affected firmware version: <=v3v1.7.7-171114
Firmware download address: UTT艾泰 - professional router, switch and firewall brand
Email: 1216429579@qq.com

Overview

A serious buffer overflow vulnerability was found in the UTT Aggressive HiPER 810G router. An attacker can trigger it by sending a request to the /goform/setSysAdm route, which can lead to buffer overflow attacks, denial of service attacks, etc. The overflow occurs in the call "strcpy((char *)(InstPointByName + 36), Var);".

Vulnerability details

The API for invoking the function

A stack overflow vulnerability is triggered at this point: Passwd1 passes in a large amount of content, which is written into the InstPointByName memory, causing a stack overflow.

POC

Response

The response shows a timeout error, indicating that the server is unable to handle the request due to the exploit.
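
The unbounded strcpy into InstPointByName + 36 described above can be replaced by a length-checked copy. The following is an added example, not the vendor's firmware code and not part of the original advisory; the struct layout, the 32-byte field size and the names admin_inst, bounded_len and set_admin_passwd are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the advisory shows only that the value is copied to
 * InstPointByName + 36. The 32-byte field and the tail are hypothetical. */
#define PASSWD_OFFSET 36
#define PASSWD_SIZE   32

struct admin_inst {
    char head[PASSWD_OFFSET];  /* data in front of the password field */
    char passwd[PASSWD_SIZE];  /* destination of the copy */
    char tail[16];             /* neighbouring data an overflow would hit */
};

/* Length of s, scanning at most max bytes (portable strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Bounded replacement for strcpy((char *)(inst + 36), var).
 * Returns 0 on success, -1 if the value is missing or does not fit.
 * On failure the instance is left unchanged. */
int set_admin_passwd(struct admin_inst *inst, const char *var)
{
    if (inst == NULL || var == NULL)
        return -1;
    size_t len = bounded_len(var, PASSWD_SIZE);
    if (len >= PASSWD_SIZE)      /* no room for the terminator: reject */
        return -1;
    memcpy(inst->passwd, var, len + 1);
    return 0;
}

int main(void)
{
    struct admin_inst inst;
    char oversized[200];         /* constructed sample input */
    memset(&inst, 0, sizeof inst);
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short: %d\n", set_admin_passwd(&inst, "admin123"));
    printf("oversized: %d\n", set_admin_passwd(&inst, oversized));
    return 0;
}
```

Rejecting an overlong value, rather than truncating it, keeps the stored password identical to what the administrator submitted and lets the handler return an error to the client.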