Luozhibo

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 1200GW versions prior to 2.5.3-170306 **Description** A stack-based buffer overflow exists in the Web Management Interface component. A remote attacker can trigger this issue by manipulating arguments related to the PPTP server address, username, password, or tunnel name within an unknown function of the '/goform/formPptpClientConfig' endpoint. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** Update to a version later than 2.5.3-170306. As a temporary workaround, restrict access to the '/goform/formPptpClientConfig' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 **Description** A stack-based buffer overflow exists in the Web Management Interface component. The issue occurs within the `strcpy()` function located in the '/goform/formGroupConfig' endpoint. A remote attacker can trigger this flaw by manipulating the `Profile` argument. **Recommendations** Update to a version later than 3.2.7-210907-180535. As a temporary workaround, restrict access to the '/goform/formGroupConfig' endpoint to minimize the risk of exploitation.