942384053

**Name of the Vulnerable Software and Affected Versions** Tenda A15 version 15.13.07.13 **Description** A stack-based buffer overflow exists in the `UploadCfg` function of the `/cgi-bin/UploadCfg` file. The issue is triggered by manipulating the `File` argument. This allows for remote exploitation. The exploit has been publicly disclosed and may be used to take over the router. **Recommendations** Update Tenda A15 version 15.13.07.13 to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC8 version 16.03.34.06 **Description** A stack-based buffer overflow exists in the `webCgiGetUploadFile` function of the `Httpd` service, specifically within the `/cgi-bin/UploadCfg` API endpoint. The issue is due to improper handling of the `boundary` argument, allowing for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `webCgiGetUploadFile` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda A18 version 15.13.07.13 **Description** A flaw exists in the Tenda A18 router, specifically in the handling of the `strcpy` function within the `/goform/WifiExtraSet` API endpoint of the `Httpd Service`. Manipulation of the `wpapsk crypto5g` argument can lead to a stack-based buffer overflow. The issue is remotely exploitable, and the exploit has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/WifiExtraSet` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the Configuration Parameter Handler component of D-Link DIR-823X version 250416. The issue stems from manipulating the `terminal addr`, `server ip`, and `server port` arguments within the `/goform/set server settings` file, leading to operating system command injection. This allows for remote attacks. The exploit is publicly available. **Recommendations** Apply a firmware update that addresses the vulnerability in the Configuration Parameter Handler component. As a temporary workaround, restrict access to the `/goform/set server settings` file. Avoid using the `terminal addr`, `server ip`, and `server port` parameters until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A weakness exists in D-Link DIR-823X version 250416. A manipulation of the `langSelection` argument in the file `/goform/set language` can lead to os command injection. The attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the D-Link DIR-823X version 250416 that allows for operating system command injection. This is due to a manipulation possibility within the `sub 424D20` function of the `/goform/set ipv6` file. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the D-Link DIR-823X firmware. This issue affects the `sub 420688` function within the `/goform/set qos` file, potentially allowing for operating system command injection. The attack can be carried out remotely. The exploit code has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A security flaw exists in D-Link DIR-823X version 250416. The issue resides within the Configuration Handler component, specifically in the function `sub 4208A0` located in the file `/goform/set dmz`. Manipulation of the `dmz host`/`dmz enable` argument can lead to operating system command injection. This allows for remote execution of commands. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 version 16.03.08.16 **Description** A weakness exists in the Tenda AC21 device. This issue affects an unknown function within the Web Management Interface component, specifically related to the file `/cgi-bin/DownloadLog`. A manipulation of this component can lead to information disclosure. The attack can be performed remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the Login component of the D-Link DIR-823X, specifically within the `sub 40AC74` function. This issue results in insufficient restriction of excessive authentication attempts, potentially allowing for unauthorized access. The exploit is publicly available and is considered difficult to exploit due to its high complexity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in D-Link DIR-823X version 250416 that allows remote attackers to execute operating system commands. This occurs due to a command injection in an unknown function within the `/goform/set password` file. The issue is triggered by manipulating the `http passwd` argument. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.