153528990

**Name of the Vulnerable Software and Affected Versions** Netgear DGND3700 version 1.1.00.15 1.00.15NA **Description** A vulnerability has been found in the Netgear DGND3700, affecting some unknown functionality of the file /BRS top.html. The manipulation leads to information disclosure. The attack may be launched remotely. Other products might be affected as well. The vendor was contacted early about this disclosure. **Recommendations** For Netgear DGND3700 version 1.1.00.15 1.00.15NA, as a temporary workaround, consider restricting access to the file /BRS top.html until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear DGND3700 version 1.1.00.15 1.00.15NA **Description** A very critical issue was found, affecting the Basic Authentication component of the Netgear DGND3700. This issue leads to improper authentication and can be initiated remotely. The exploit has been disclosed publicly and may be used. Other products might also be affected. **Recommendations** For Netgear DGND3700 version 1.1.00.15 1.00.15NA, consider restricting access to the Basic Authentication component until a patch is available. As a temporary workaround, avoid using the `Basic Authentication` feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear DGND3700 version 1.1.00.15 1.00.15NA **Description** A vulnerability has been found in the mini http component, specifically affecting the /currentsetting.htm file, leading to information disclosure. The attack can be initiated remotely. Other products might be affected as well. **Recommendations** For Netgear DGND3700 version 1.1.00.15 1.00.15NA, consider restricting access to the /currentsetting.htm file of the mini http component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A critical issue was found, affecting the function `sub 41F4F0` of the file "/H5/webgl.asp?tggl port=0&remote management=0&http passwd=game&exec service=admin-restart". This leads to an unverified password change. The attack can be initiated remotely. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider disabling the `sub 41F4F0` function until a patch is available. Restrict access to the "/H5/webgl.asp" endpoint to minimize the risk of exploitation. Avoid using the `http passwd` and `exec service` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A problematic vulnerability was found in the HTTP Endpoint component, specifically affecting the function `sub 41E304` of the file `/H5/state view.data`. This issue leads to information disclosure. The attack can only be performed within the local network. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), consider restricting access to the `/H5/state view.data` file and the `sub 41E304` function to minimize the risk of exploitation. Additionally, limit access to the HTTP Endpoint component to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A problematic issue has been found, affecting the function `sub 48F4F0` of the file `/H5/versionupdate.data`. This leads to information disclosure and can be exploited remotely. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider restricting access to the `sub 48F4F0` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A vulnerability has been found in the D-Link DI-7003GV2, affecting the function `sub 41F0FC` of the file `/H5/webgl.data`. This issue leads to information disclosure and can be initiated remotely. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider restricting access to the vulnerable function `sub 41F0FC` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A critical issue has been found, affecting the function sub 497DE4 of the file /H5/netconfig.asp. This leads to improper authentication. The attack can be initiated remotely. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider disabling the function sub 497DE4 until a patch is available. Restrict access to the /H5/netconfig.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A critical vulnerability was found in the Factory Reset Handler component, affecting the function `sub 4983B0` of the file "/H5/backup.asp?opt=reset". The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `sub 4983B0` function until a patch is available. Restrict access to the "/H5/backup.asp?opt=reset" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A problematic issue has been found in the Configuration Handler component, affecting the processing of the file /H5/get version.data. This leads to information disclosure and can be initiated remotely. The issue has been publicly disclosed. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), consider restricting access to the /H5/get version.data file to minimize the risk of exploitation. As a temporary workaround, limit remote access to the Configuration Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A problematic issue was found, affecting an unknown function of the file /index.data. This leads to information disclosure and can be exploited remotely. The issue has been publicly disclosed. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A vulnerability has been found in the D-Link DI-7003GV2, affecting an unknown functionality of the file /install base.data. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider restricting access to the file /install base.data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A problem was found in the /login.data file, affecting some unknown functionality, which leads to information disclosure. The attack can be launched remotely. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider restricting access to the /login.data file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125) Description: A vulnerability was found in the D-Link DI-7003GV2, affecting unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling access to the /H5/restart.asp file until a patch is available. Restrict remote access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A720R version 4.1.5cu.374 **Description** A critical vulnerability has been found in the TOTOLINK A720R, affecting unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the `topicurl` argument with the input `RebootSystem` leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For TOTOLINK A720R version 4.1.5cu.374, as a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the `topicurl` argument with the input `RebootSystem` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A720R version 4.1.5cu.374 **Description** A vulnerability was found in the TOTOLINK A720R, affecting an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the `topicurl` argument with the input `showSyslog` leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file until a patch is available. Avoid using the `topicurl` argument with the input `showSyslog` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A720R version 4.1.5cu.374 **Description** A vulnerability was found in the Config Handler component of the TOTOLINK A720R, affecting an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation of the `topicurl` argument with the input `getInitCfg/getSysStatusCfg` leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file until a patch is available. Avoid using the `topicurl` argument with the input `getInitCfg/getSysStatusCfg` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A720R version 4.1.5cu.374 **Description** A critical issue affects the Log Handler component of TOTOLINK A720R, specifically the file /cgi-bin/cstecgi.cgi. The manipulation of the `topicurl` argument with the input `clearDiagnosisLog/clearSyslog/clearTracerouteLog` leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file until a patch is available. Avoid using the `topicurl` argument with the input `clearDiagnosisLog/clearSyslog/clearTracerouteLog` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.