Leetmoon

Nome do software vulnerável e versões afetadas: Mercury MNVR816, versões até 2.0.1.0.5 Descrição: Foi identificada uma vulnerabilidade que permite que arquivos ou diretórios fiquem acessíveis. O problema afeta uma parte desconhecida do arquivo /web-static/. É possível iniciar o ataque remotamente. O número estimado de dispositivos potencialmente afetados em todo o mundo não está disponível. Não há informações sobre incidentes reais em que essa vulnerabilidade tenha sido explorada. Recomendações: Para as versões do Mercury MNVR816 até 2.0.1.0.5, aplique imediatamente restrições de firewall para mitigar o risco de acesso não autorizado a arquivos ou diretórios. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

Nome do software vulnerável e versões afetadas: D-Link DNS-320 versão 2.02b01 Descrição: O problema está relacionado à divulgação de informações no arquivo /cgi-bin/discovery.cgi do componente Interface de Gerenciamento Web no firmware do roteador D-Link DNS-320. Isso pode ser explorado remotamente, permitindo que um invasor divulgue informações confidenciais. O produto está em fim de vida útil e deve ser retirado de serviço e substituído. Recomendações: Para o D-Link DNS-320 versão 2.02b01, considere retirar de circulação e substituir o produto, pois ele está em fim de vida útil e não é mais suportado pelo mantenedor. Como solução temporária, restrinja o acesso ao arquivo /cgi-bin/discovery.cgi na Interface de Gerenciamento Web para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** D-Link DNS-320 versão 2.02b01 **Descrição** Foi identificada uma falha na interface de gerenciamento web do D-Link DNS-320, especificamente no arquivo /cgi-bin/widget api.cgi. A manipulação dos argumentos `getHD`, `getSer` ou `getSys` leva à divulgação de informações. Esse problema pode ser explorado remotamente, mas a complexidade de um ataque é bastante alta, e sabe-se que a exploração é difícil. O produto está no fim de vida útil e deve ser retirado de serviço e substituído. **Recomendações** Como solução temporária, considere desativar o arquivo `/cgi-bin/widget api.cgi` até que a vulnerabilidade seja resolvida. Restrinja o acesso à Interface de Gerenciamento Web para minimizar o risco de exploração. Evite usar os argumentos `getHD`, `getSer` ou `getSys` no endpoint da API afetado até que a vulnerabilidade seja resolvida. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects the Web Management Interface component. The manipulation of the `dpi` argument leads to command injection, allowing remote attacks. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface or restricting access to it until a patch is available. Avoid using the `dpi` argument in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects an unknown functionality of the Web Management Interface component. The manipulation of the `name` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available. Restrict access to the Web Management Interface to minimize the risk of exploitation. Avoid using the `name` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects some unknown functionality of the Web Management Interface component. The manipulation of the `suffix-rate-up` argument leads to command injection. The attack can be launched remotely. **Recommendations** For versions up to 2.0.9-hotfix.6, as a temporary workaround, consider restricting access to the Web Management Interface to minimize the risk of exploitation. Avoid using the `suffix-rate-up` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue was found in the Web Management Interface component. The manipulation of the `ecn-up` argument leads to command injection, allowing remote attacks. The exploit has been disclosed publicly. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface or restricting access to it until a patch is available. Avoid using the `ecn-up` argument in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue has been found in the Web Service component, allowing for denial of service through remote attack. The exploit has been disclosed publicly. **Recommendations** For versions up to 2.0.9-hotfix.6, update to a version later than 2.0.9-hotfix.6 to resolve the issue. As a temporary workaround, consider restricting access to the Web Service component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue has been found in the Web Management Interface component. The manipulation of the `ecn-down` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available to prevent command injection attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the `ecn-down` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects the Web Management Interface component, where the manipulation of the `src` argument leads to command injection. This can be initiated remotely. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available to prevent command injection attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the `src` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** The issue exists due to insufficient input validation in the Static Routing Configuration Handler component of the Ubiquiti EdgeRouter microprogram. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. The manipulation of the `next-hop-interface` argument leads to command injection. It is possible to launch the attack remotely. **Recommendations** For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the Static Routing Configuration Handler component until a patch is available. Restrict access to the `next-hop-interface` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** A critical issue has been found in the OSPF Handler component of the software, potentially allowing for command injection through the manipulation of the argument area. This can be exploited remotely. The existence of this issue is still uncertain. **Recommendations** For version 2.0.9-hotfix.6, consider restricting access to the OSPF Handler component until a fix is available. As a temporary workaround, avoid using the argument area in the OSPF Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execute arbitrary commands. This can lead to command injection. The attack may be initiated remotely. **Recommendations** For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the NAT Configuration Handler component until a patch is available. As a temporary workaround, restrict access to the NAT Configuration Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.