Babyshark

**Name of the Vulnerable Software and Affected Versions** Tenda AC20 versions through 16.03.08.12 **Description** A critical vulnerability exists due to a buffer overflow in an unknown function of the `/goform/SetSysTimeCfg` file within the `httpd` component. The vulnerability is triggered by manipulating the `timeZone` argument, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Update Tenda AC20 to a version beyond 16.03.08.12.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 3.0.0-B20230809.1615 TOTOLINK A3002R version 3.0.0-B20230809.1615 TOTOLINK A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability has been found in the TOTOLINK A702R, A3002R, and A3002RU routers. This issue affects the unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument `submit-url` leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formWirelessTbl file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 3.0.0-B20230809.1615 TOTOLINK A3002R version 3.0.0-B20230809.1615 TOTOLINK A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability has been found in the TOTOLINK A702R, A3002R, and A3002RU routers, affecting the unknown code of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. This attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For TOTOLINK A702R version 3.0.0-B20230809.1615, restrict access to the /boafrm/formDosCfg file to minimize the risk of exploitation. For TOTOLINK A3002R version 3.0.0-B20230809.1615, avoid using the `submit-url` argument in the HTTP POST Request Handler until the issue is resolved. For TOTOLINK A3002RU version 3.0.0-B20230809.1615, consider disabling the HTTP POST Request Handler component until a patch is available.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component of the affected TOTOLINK devices. This vulnerability affects an unknown part of the file /boafrm/formSiteSurveyProfile and can be exploited remotely. The manipulation of the `submit-url` argument leads to a buffer overflow. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formSiteSurveyProfile file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting an unknown functionality of the file /boafrm/formSysCmd. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler or restricting access to the /boafrm/formSysCmd file until a patch is available. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component of the affected devices. The vulnerability affects the function `sub 40BE30` of the file `/boafrm/formStats`. The manipulation of the argument `submit-url` leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `sub 40BE30` function until a patch is available. Restrict access to the `/boafrm/formStats` file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component, affecting an unknown function of the file /boafrm/formSaveConfig. The manipulation of the `submit-url` argument leads to a buffer overflow, allowing remote attacks. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler component until a patch is available. Restrict access to the /boafrm/formSaveConfig file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects an unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument `devicemac1` leads to a buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler or restricting access to the /boafrm/formMapDel file until a patch is available. Avoid using the `devicemac1` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument `macstr` leads to command injection. This issue can be exploited remotely. Recommendations: For TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the /boafrm/formMapDelDevice file to minimize the risk of exploitation. Avoid using the `macstr` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of TOTOLINK A3002R and A3002RU. This affects an unknown part of the file /boafrm/formPortFw. The manipulation of the `service type` argument leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider restricting access to the HTTP POST Request Handler component until a patch is available. Avoid using the `service type` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T10 version 4.1.8cu.5241 B20210927 TOTOLINK A3100R version 4.1.8cu.5241 B20210927 TOTOLINK A950RG version 4.1.8cu.5241 B20210927 TOTOLINK A800R version 4.1.8cu.5241 B20210927 TOTOLINK N600R version 4.1.8cu.5241 B20210927 TOTOLINK A3000RU version 4.1.8cu.5241 B20210927 TOTOLINK A810R version 4.1.8cu.5241 B20210927 **Description** A critical vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument `FileName` leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C GR-5400AX versions up to 100R008 **Description** A critical issue has been found that affects the Edit List SSID function of the /goform/aspForm file. The manipulation of the `param` argument leads to a buffer overflow. This issue can be exploited within the local network. **Recommendations** For H3C GR-5400AX versions up to 100R008, as a temporary workaround, consider restricting access to the /goform/aspForm file until a patch is available. Avoid using the `param` argument in the affected function Edit List SSID until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C GR-1800AX versions up to 100R008 **Description** A critical issue was found, affecting the function `EnableIpv6` of the file "/goform/aspForm". The manipulation of the argument `param` leads to a buffer overflow. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. **Recommendations** For H3C GR-1800AX versions up to 100R008, consider disabling the `EnableIpv6` function of the "/goform/aspForm" file as a temporary workaround until a patch is available. Restrict access to the local network to minimize the risk of exploitation. Avoid using the `param` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-880L versions up to 104WWb01 **Description** A critical vulnerability was found in the Request Header Handler component, specifically affecting the function `sub 16570` of the file `/htdocs/ssdpcgi`. The manipulation of the argument `HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID` leads to command injection. This issue can be exploited remotely. The exploit has been publicly disclosed, making it potentially usable. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-880L versions up to 104WWb01, as a temporary workaround, consider restricting access to the `/htdocs/ssdpcgi` file to minimize the risk of exploitation. Additionally, avoid using the `HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-890L versions up to 100CNb11 D-Link DIR-806A1 versions up to 108B03 **Description** A critical issue has been detected, affecting the function `sub 175C8` of the file `/htdocs/soap.cgi`. This issue leads to command injection and can be exploited remotely. The exploit has been publicly disclosed, making it possible for attackers to utilize it. This issue only affects products that are no longer supported by the manufacturer. **Recommendations** For D-Link DIR-890L versions up to 100CNb11, consider disabling the `sub 175C8` function in the `/htdocs/soap.cgi` file as a temporary workaround to minimize the risk of exploitation. For D-Link DIR-806A1 versions up to 108B03, restrict access to the `/htdocs/soap.cgi` file to prevent remote attacks until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C GR-3000AX versions up to V100R006 **Description** A critical vulnerability was found in the HTTP POST Request Handler component of H3C GR-3000AX. The affected function is EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit List SSID of the file /goform/aspForm. The manipulation of the argument `param` leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well. **Recommendations** To resolve the issue, upgrade the H3C GR-3000AX to a version later than V100R006. As a temporary workaround, consider restricting access to the HTTP POST Request Handler component or disabling the affected function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit List SSID to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 versions 15.03.05.0 through 15.03.05.19 **Description** A critical issue affects the function `fromSetWirelessRepeat` of the file `/goform/WifiExtraSet`. The manipulation of the argument `mac` leads to buffer overflow. The attack may be initiated remotely. **Recommendations** For Tenda AC15 versions 15.03.05.0 through 15.03.05.19, consider disabling the `fromSetWirelessRepeat` function until a patch is available to prevent buffer overflow exploitation. Restrict access to the `/goform/WifiExtraSet` file to minimize the risk of exploitation. Avoid using the `mac` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.