2160288544

Name of the Vulnerable Software and Affected Versions Tenda AC1206 version 15.03.06.23 Description A remote command injection issue exists in the `formBehaviorManager` function within the `/goform/BehaviorManager` file of the `httpd` component. Manipulation of the `modulename`/`option`/`data`/`switch` argument can lead to command injection. The attack can be launched remotely, and the exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/BehaviorManager` file. Avoid using the `modulename`, `option`, `data`, and `switch` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-806A version 100CNb11 **Description** A flaw exists in the SSDP Request Handler component, specifically within the `ssdpcgi main` function, allowing for command injection. This issue can be triggered remotely. The exploit for this issue is publicly available. This affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.