Zhouguobing

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 1200GW versions prior to 2.5.3-170306 **Description** A buffer overflow occurs in the Web Management Interface component due to the improper handling of the `strcpy()` function within the '/goform/setSysAdm' endpoint. A remote attacker can trigger this issue by manipulating the `sysAdmUser` and `sysAdmPass` variables. **Recommendations** Update to a version later than 2.5.3-170306. As a temporary workaround, restrict access to the '/goform/setSysAdm' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 **Description** A stack-based buffer overflow exists in the Web Management Interface component. The issue occurs within the `strcpy()` function of the file '/goform/formConfigFastDirectionW' when the `Profile` argument is manipulated. This allows a remote attacker to trigger the overflow. **Recommendations** Update to a version later than 3.2.7-210907-180535. As a temporary workaround, restrict access to the '/goform/formConfigFastDirectionW' endpoint to minimize the risk of exploitation.