Bazhuayu

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8100 version 1.0 **Description** A critical issue exists in the D-Link DI-8100 device. The `sprintf` function within the `/ddns.asp?opt=add` file, part of the jhttpd component, is susceptible to a stack-based buffer overflow. Manipulation of the `mx` argument can trigger this issue, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-513 version 1.0 **Description** A critical vulnerability exists in the Boa Webserver component of the affected product. The `sprintf` function within the `/goform/formLanSetupRouterSettings` file is susceptible to a stack-based buffer overflow when the `curTime` argument is manipulated. This allows for remote attacks. The exploit for this vulnerability has been publicly disclosed and may be utilized. This issue only affects products that are no longer supported by the manufacturer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-513 version 1.10 **Description** A critical vulnerability exists in the Boa Webserver component of the D-Link DIR-513. The `sprintf` function within the `/goform/formSetWanNonLogin` file is susceptible to a stack-based buffer overflow when the `curTime` argument is manipulated. This allows for remote exploitation. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** D-Link DIR-513 version 1.10: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8100 version 1.0 **Description** A critical vulnerability exists in the `sprintf` function within the `jhttpd` component of D-Link DI-8100 version 1.0. Manipulation of the `remove ext proto`/`remove ext port` argument in the `/upnp ctrl.asp` file leads to a stack-based buffer overflow. This issue can be exploited remotely, and the exploit has been publicly disclosed. **Recommendations** D-Link DI-8100 version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.21 Description: A critical issue affects some unknown functionality of the file /pppoe base.asp of the component jhttpd. The manipulation of the `mschap en` argument leads to a buffer overflow. This issue can be exploited remotely. A public exploit has been disclosed. Recommendations: For D-Link DI-8100 version 16.07.21, as a temporary workaround, consider restricting access to the /pppoe base.asp file until a patch is available. Avoid using the `mschap en` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-513 version 1.0 Description: A critical vulnerability has been found in the D-Link DIR-513. This issue affects an unknown part of the file `/goform/formSetWanPPTP`. The manipulation of the argument `curTime` leads to a buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DIR-513 version 1.0, as a temporary workaround, consider restricting access to the `/goform/formSetWanPPTP` endpoint to minimize the risk of exploitation. Avoid using the argument `curTime` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.