Pjqwudi

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

**Nome do Software Vulnerável e Versões Afetadas** Dispositivos NETGEAR (versões afetadas não especificadas) **Descrição** A validação insuficiente de entrada permite que administradores autenticados conectados à rede local comprometam a integridade do roteador.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A weakness exists in multiple D-Link devices. The `Local Backup Info` function within the `/cgi-bin/local backup mgr.cgi` file is susceptible to a stack-based buffer overflow. Manipulation of the `f idx` argument triggers this issue, and the attack can be initiated remotely. An exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in several D-Link devices. The issue is located in the `cgi create import users`/`cgi user batch create`/`cgi user set quota`/`cgi user del`/`cgi user modify`/`cgi group set quota`/`cgi group modify`/`cgi group add`/`cgi user add`/`cgi get modify group info`/`cgi chg admin pw` functions within the `/cgi-bin/account mgr.cgi` file. This allows for remote execution of commands through manipulation of the affected functions. The exploit is publicly available and may be used to compromise systems. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A security issue exists in D-Link devices due to a command injection flaw. The `cgi tm set share` function within the `/cgi-bin/time machine.cgi` file is susceptible to this issue. Manipulation of the `Name` argument can lead to command injection, allowing for remote attacks. The exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version after 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A stack-based buffer overflow condition exists in the `cgi myfavorite del user`/`cgi myfavorite verify` function within the `/cgi-bin/gui mgr.cgi` file. This issue can be triggered remotely through manipulation. The exploit for this issue is publicly available. **Recommendations** For D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04, update to a version later than 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 versions prior to 20260205 **Description** A security issue has been identified in multiple D-Link Network Attached Storage (NAS) devices. The `Downloads Schedule Info` function within the `/cgi-bin/download mgr.cgi` file is susceptible to a stack-based buffer overflow. This manipulation can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823G version 1.0.2B05 **Description** A security issue has been identified in the D-Link DIR-823G. The problem stems from improper access controls within the `goahead` component, specifically related to the following functions: `GetDDNSSettings`, `GetDeviceDomainName`, `GetDeviceSettings`, `GetDMZSettings`, `GetFirewallSettings`, `GetGuestNetworkSettings`, `GetLanWanConflictInfo`, `GetLocalMacAddress`, `GetNetworkSettings`, `GetQoSSettings`, `GetRouterInformationSettings`, `GetRouterLanSettings`, `GetWanSettings`, `SetAccessCtlList`, `SetAccessCtlSwitch`, `SetDeviceSettings`, `SetGuestWLanSettings`, `SetIPv4FirewallSettings`, `SetNetworkSettings`, `SetNetworkTomographySettings`, `SetNTPServerSettings`, `SetRouterLanSettings`, `SetStaticClientInfo`, `SetStaticRouteSettings`, `SetWLanRadioSecurity`, `SetWPSSettings`, and `UpdateClientInfo`. This allows for remote manipulation. The exploit for this issue has been made public. It is important to note that this vulnerability affects products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A stack-based buffer overflow exists in the goahead component of D-Link DIR-816 version 1.10CNB05. The issue is located in the file '/goform/form2Wl5BasicSetup.cgi'. Manipulation of the `pskValue` argument can trigger the overflow, allowing for remote exploitation. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A security issue has been identified in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the file `/goform/form2WlanBasicSetup.cgi` of the `goahead` component. Manipulation of the `pskValue` argument can lead to a stack-based buffer overflow. This can be exploited remotely. The exploit for this issue has been publicly disclosed. This vulnerability only impacts products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A weakness exists in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the `/goform/form2Wl5RepeaterStep2.cgi` file of the `goahead` component. Manipulation of the `key1/key2/key3/key4/pskValue` argument results in a stack-based buffer overflow. Remote exploitation is possible, and a public exploit is available. This vulnerability impacts products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.06B01 **Description** A security issue has been identified in the D-Link DIR-619L. The `formSchedule` function within the `boa` component, located in the file `/goform/formSchedule`, is susceptible to a stack-based buffer overflow. This occurs when the `curTime` argument is manipulated. The issue can be exploited remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A flaw exists in D-Link DIR-816, specifically within the goahead component’s `redirect.asp` file. Manipulation of the `token id` argument can lead to improper access controls. This issue can be exploited remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A security issue has been identified in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the `/goform/form2RepeaterStep2.cgi` file of the `goahead` component. Manipulating the `key1/key2/key3/key4/pskValue` argument can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit for this issue has been publicly released. This vulnerability only impacts products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A security issue exists in D-Link DIR-605L and DIR-619L. The issue resides in an unknown function within the Wifi Setting Handler component. A manipulation of this component can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been made publicly available. It is important to note that these products are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A weakness exists in D-Link DIR-605L and DIR-619L routers. The issue is related to an unknown function within the DHCP Client Information Handler component. A manipulation of this component can result in information disclosure. The attack can be initiated remotely, and an exploit is publicly available. It is important to note that these products are no longer supported by the maintainer. **Recommendations** D-Link DIR-605L version 2.06B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-619L version 2.06B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-605L version 2.13B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-619L version 2.13B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A security issue has been identified in D-Link DIR-605L and DIR-619L routers. The issue resides in an unknown function within the `/wan connection status.asp` file of the DHCP Connection Status Handler component, leading to information disclosure. Remote exploitation is possible, and the exploit has been publicly disclosed. These products are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Linksys RE6500, RE6250, RE6300, RE6350, RE7000 e RE9000 versões 1.0.013.001 até 1.2.07.001 **Descrição** Existe um estouro de buffer baseado em pilha na função `AP get wireless clientlist setClientsName` dentro do arquivo `mod form.so`. A manipulação do argumento `clientsname 0` pode acionar este problema, permitindo exploração remota. O exploit está publicamente disponível. O fabricante foi notificado, mas não respondeu. **Recomendações** Linksys RE6500 versão 1.0.013.001 deve ser atualizado. Linksys RE6500 versão 1.0.04.001 deve ser atualizado. Linksys RE6500 versão 1.0.04.002 deve ser atualizado. Linksys RE6500 versão 1.1.05.003 deve ser atualizado. Linksys RE6500 versão 1.2.07.001 deve ser atualizado. Linksys RE6250 versão 1.0.013.001 deve ser atualizado. Linksys RE6250 versão 1.0.04.001 deve ser atualizado. Linksys RE6250 versão 1.0.04.002 deve ser atualizado. Linksys RE6250 versão 1.1.05.003 deve ser atualizado. Linksys RE6250 versão 1.2.07.001 deve ser atualizado. Linksys RE6300 versão 1.0.013.001 deve ser atualizado. Linksys RE6300 versão 1.0.04.001 deve ser atualizado. Linksys RE6300 versão 1.0.04.002 deve ser atualizado. Linksys RE6300 versão 1.1.05.003 deve ser atualizado. Linksys RE6300 versão 1.2.07.001 deve ser atualizado. Linksys RE6350 versão 1.0.013.001 deve ser atualizado. Linksys RE6350 versão 1.0.04.001 deve ser atualizado. Linksys RE6350 versão 1.0.04.002 deve ser atualizado. Linksys RE6350 versão 1.1.05.003 deve ser atualizado. Linksys RE6350 versão 1.2.07.001 deve ser atualizado. Linksys RE7000 versão 1.0.013.001 deve ser atualizado. Linksys RE7000 versão 1.0.04.001 deve ser atualizado. Linksys RE7000 versão 1.0.04.002 deve ser atualizado. Linksys RE7000 versão 1.1.05.003 deve ser atualizado. Linksys RE7000 versão 1.2.07.001 deve ser atualizado. Linksys RE9000 versão 1.0.013.001 deve ser atualizado. Linksys RE9000 versão 1.0.04.001 deve ser atualizado. Linksys RE9000 versão 1.0.04.002 deve ser atualizado. Linksys RE9000 versão 1.1.05.003 deve ser atualizado. Linksys RE9000 versão 1.2.07.001 deve ser atualizado.

**Nome do Software Vulnerável e Versões Afetadas** Linksys RE6500 versões 1.0.013.001 até 1.2.07.001 Linksys RE6250 versões 1.0.013.001 até 1.2.07.001 Linksys RE6300 versões 1.0.013.001 até 1.2.07.001 Linksys RE6350 versões 1.0.013.001 até 1.2.07.001 Linksys RE7000 versões 1.0.013.001 até 1.2.07.001 Linksys RE9000 versões 1.0.013.001 até 1.2.07.001 **Descrição** Um estouro de buffer baseado em pilha existe na função `RE2000v2Repeater get wireless clientlist setClientsName` no arquivo `mod form.so`. A manipulação do argumento `clientsname 0` pode acionar este problema, permitindo exploração remota. A vulnerabilidade foi divulgada publicamente. **Recomendações** Linksys RE6500 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. Linksys RE6250 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. Linksys RE6300 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. Linksys RE6350 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. Linksys RE7000 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. Linksys RE9000 versões 1.0.013.001 até 1.2.07.001: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Linksys RE6500 versões 1.0.013.001 até 1.2.07.001 Linksys RE6250 versões 1.0.013.001 até 1.2.07.001 Linksys RE6300 versões 1.0.013.001 até 1.2.07.001 Linksys RE6350 versões 1.0.013.001 até 1.2.07.001 Linksys RE7000 versões 1.0.013.001 até 1.2.07.001 Linksys RE9000 versões 1.0.013.001 até 1.2.07.001 **Descrição** Existe uma vulnerabilidade de estouro de buffer baseado em pilha na função `AP get wired clientlist setClientsName` no arquivo `mod form.so`. O problema é acionado pela manipulação do argumento `clientsname 0`. Isso permite ataques remotos. O exploit está disponível publicamente. **Recomendações** Linksys RE6500 versões anteriores a 1.2.07.001 Linksys RE6250 versões anteriores a 1.2.07.001 Linksys RE6300 versões anteriores a 1.2.07.001 Linksys RE6350 versões anteriores a 1.2.07.001 Linksys RE7000 versões anteriores a 1.2.07.001 Linksys RE9000 versões anteriores a 1.2.07.001