Airties · Airties Air 5442 · CVE-2015-2797
**Name of the Vulnerable Software and Affected Versions**
AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems version 1.0.2.0 and earlier
**Description**
The firmware of the affected devices contains a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string in the `redirect` parameter to "cgi-bin/login". An attacker triggers the overflow by sending a malformed parameter value to the subcomponent of "cgi-bin/login".
**Recommendations**
For AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems version 1.0.2.0 and earlier, consider disabling access to the "cgi-bin/login" endpoint until a patch is available. Avoid using the `redirect` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
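A log check for the condition described above, as an added example that is not part of the original advisory: it flags requests to "cgi-bin/login" whose decoded `redirect` value is unusually long. The access-log format, the 256-byte threshold and the sample lines are assumptions constructed for illustration; the advisory states neither the overflow length nor the request method.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the advisory gives no overflow length; 256 bytes is a constructed
# review threshold, well above a normal post-login redirect path.
MAX_REDIRECT_BYTES = 256

# Request field of a common/combined access log: "METHOD URL PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')

def suspicious_redirects(lines, limit=MAX_REDIRECT_BYTES):
    """Return (line_no, client, decoded_length) for oversized redirect values."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        url = urlsplit(match.group("url"))
        if not url.path.rstrip("/").endswith("cgi-bin/login"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes, so the length is what the CGI would receive.
        params = parse_qs(url.query, keep_blank_values=True,
                          encoding="latin-1", errors="replace")
        for value in params.get("redirect", []):
            size = len(value.encode("latin-1", errors="replace"))
            if size > limit:
                hits.append((line_no, line.split(" ", 1)[0], size))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/login?redirect=/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/login?redirect=' + "A" * 600 + ' HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /cgi-bin/login?redirect=' + "%41" * 300 + ' HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/status?redirect=' + "B" * 600 + ' HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for line_no, client, size in suspicious_redirects(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent redirect of {size} bytes")
```

Values sent in a request body do not appear in a standard access log, so this check only covers `redirect` values carried in the URL.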