Jiefengliang

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor 300B versions up to 1.5.1.6 **Description** A flaw exists in DrayTek Vigor 300B that allows for operating system command injection. This issue is located within the `cgiGetFile` function of the `/cgi-bin/mainfunction.cgi/uploadlangs` file, part of the Web Management Interface component. The `File` argument can be manipulated to execute arbitrary commands remotely. The vendor has stated that the product is end-of-life and will not be patched. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WISE-6610 version 1.2.1 20251110 **Description** A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the `delete file` argument within an unknown function of the `/cgi-bin/luci/admin/openvpn apply` file, part of the Background Management component. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 version 16.03.08.16 **Description** A security issue exists in the Tenda AC21. The issue involves information disclosure through manipulation of an unknown function within the /cgi-bin/DownloadFlash file of the Web Management Interface component. This can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in D-Link DIR-823X 250416 that allows remote attackers to execute operating system commands. This is achieved by manipulating the `mac` argument within the `/goform/set mac clone` file through a function that has not been identified. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** A flaw exists in the Totolink WA300 device that allows for remote command execution. This is due to a vulnerability within the `setAPNetwork` function located in the `/cgi-bin/cstecgi.cgi` file. Specifically, manipulating the `Ipaddr` argument can lead to operating system command injection. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A weakness exists in D-Link DIR-823X version 250416 related to command injection. The issue affects the `sub 420618` function within the `/goform/set upnp` file. Manipulation of the `upnp enable` argument can lead to operating system command injection. Remote exploitation is possible, and the exploit has been publicly released. **Recommendations** Apply a fix for D-Link DIR-823X version 250416. As a temporary workaround, restrict access to the `/goform/set upnp` file. Avoid using the `upnp enable` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A security issue exists in D-Link DIR-823X version 250416. The `sub 4175CC` function within the `/goform/set static route table` file is susceptible to OS command injection. Manipulation of the `interface`, `destip`, `netmask`, `gateway`, and `metric` arguments can lead to unauthorized command execution. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hisense TransTech Smart Bus Management System versions prior to 20260114 **Description** A flaw exists in the Hisense TransTech Smart Bus Management System. A manipulation of the `key` argument within the `Page Load` function of the `YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx` file can lead to SQL injection. This issue is potentially exploitable remotely. The exploit has been published. **Recommendations** Versions prior to 20260114 should avoid using the `key` argument in the `Page Load` function of the `YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx` file.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A security issue exists in the DDNS Service component of D-Link DIR-823X version 250416. The issue relates to the processing of the `/goform/set ddns` file. Manipulation of the `ddnsType`, `ddnsDomainName`, `ddnsUserName`, and `ddnsPwd` arguments can result in operating system command injection. This allows for remote execution of commands. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in D-Link DIR-823X version 250416 related to the processing of input for the file `/goform/set ac status`. Manipulation of the `ac ipaddr`, `ac ipstatus`, and `ap randtime` arguments can lead to os command injection. This issue can be exploited remotely. The exploit has been publicly released. **Recommendations** Apply any available updates to address the vulnerability in the affected file `/goform/set ac status`. As a temporary workaround, restrict access to the `/goform/set ac status` file to minimize the risk of exploitation. Avoid manipulating the `ac ipaddr`, `ac ipstatus`, and `ap randtime` arguments.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A security flaw exists in the D-Link DIR-823X version 250416. The issue is located in the Web Management Interface, specifically within the file `/goform/set ac server`. Manipulation of the `ac server` argument can lead to os command injection. This attack can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** Apply updates to address the vulnerability in the Web Management Interface. Restrict access to the `/goform/set ac server` file. As a temporary workaround, consider disabling the Web Management Interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A security flaw exists in D-Link DIR-823X version 250416. The issue is related to the `sub 41E2A0` function within the `/goform/set mode` file. Manipulation of the `lan gateway` argument can lead to operating system command injection. This attack is possible remotely. The exploit has been publicly released. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor Operation and Maintenance Management System versions up to 3.0.8 **Description** A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of the `Hostname` argument can lead to command execution. The exploit is publicly available. **Recommendations** Versions prior to 3.0.8 should be updated. As a temporary workaround, consider restricting access to the `SessionController` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, the manipulation of the `ID` parameter in the `/worksheet/agent worksadd.jsp` file can lead to SQL injection. This issue is remotely exploitable. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A flaw exists in Yonyou KSOA 9.0 related to the handling of HTTP GET parameters. Specifically, manipulation of the `ID` parameter in the '/worksheet/del user.jsp' file can lead to SQL injection. This issue is exploitable remotely. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 9.0 should be upgraded. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the `ID` argument within the HTTP GET parameter handler of the `/worksheet/agent worksdel.jsp` file. Remote exploitation is possible. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A security issue exists in Yonyou KSOA 9.0 related to SQL injection. The issue is located in the file `/worksheet/agent work report.jsp`. Manipulation of the `ID` argument can lead to a successful exploit. The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Tenda CH22 versão 1.0.0.1 **Descrição** Existe uma vulnerabilidade de path traversal no Tenda CH22 versão 1.0.0.1. Este problema afeta uma função desconhecida no arquivo /public/. Atacantes remotos podem explorar essa falha para realizar path traversal. O exploit está disponível publicamente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Tenda CH22 versões até 1.0.0.1 **Descrição** Existe uma falha no Tenda CH22 que permite uma negação de serviço. Este problema origina-se da manipulação do argumento `LISTLEN` dentro da função `fromDhcpListClient` localizada no arquivo `/goform/DhcpListClient`. O ataque pode ser iniciado remotamente. O exploit para este problema foi divulgado publicamente. **Recomendações** As versões até 1.0.0.1 devem ser atualizadas para uma versão mais recente e segura quando disponível.