Beacox

Name of the Vulnerable Software and Affected Versions: D-Link DCS-932L version 2.18.01 Description: A critical issue affects the function `sub 404780` of the file `/bin/gpio`. The manipulation of the argument `CameraName` leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DCS-932L version 2.18.01, as a temporary workaround, consider disabling the `sub 404780` function until a patch is available. Restrict access to the `/bin/gpio` file to minimize the risk of exploitation. Avoid using the `CameraName` argument in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-932L version 2.18.01 **Description** A critical issue affects the function `SubUPnPCSInit` of the file `/sbin/udev`. The manipulation of the argument `CameraName` leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the `SubUPnPCSInit` function until a patch is available. Restrict access to the `/sbin/udev` file to minimize the risk of exploitation. Avoid using the `CameraName` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DCS-932L version 2.18.01 Description: A critical vulnerability affects the function `isUCPCameraNameChanged` of the file `/sbin/ucp`. The manipulation of the argument `CameraName` leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DCS-932L version 2.18.01, as a temporary workaround, consider disabling the `isUCPCameraNameChanged` function until a patch is available. Restrict access to the `/sbin/ucp` file to minimize the risk of exploitation. Avoid using the `CameraName` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X6000R version 9.4.0cu.852 20230719 **Description** A critical issue has been found in the TOTOLINK X6000R, affecting the function `setSyslogCfg` of the file `/cgi-bin/cstecgi.cgi`. The manipulation of the argument `rtLogServer` leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the `setSyslogCfg` function until a patch is available. Restrict access to the `/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the parameter `rtLogServer` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200L version 9.3.5u.6146 B20201023 **Description** The issue is related to a stack-based buffer overflow in the `setDefResponse()` function of the `/www/cgi-bin/cstecgi.cgi` file. This can be exploited remotely by manipulating the `IpAddress` argument, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public. **Recommendations** For TOTOLINK EX1200L version 9.3.5u.6146 B20201023, as a temporary workaround, consider disabling the `setDefResponse()` function until a patch is available. Restrict access to the `/www/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the `IpAddress` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200L version 9.3.5u.6146 B20201023 **Description** A critical vulnerability has been found in the function `setLanguageCfg` of the file `/www/cgi-bin/cstecgi.cgi`. The manipulation of the argument `langType` leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider disabling the `setLanguageCfg` function until a patch is available. Restrict access to the `/www/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the `langType` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.8 Description: The issue is related to the functions `fromSafeClientFilter()`, `fromSafeMacFilter()`, and `fromSafeUrlFilter()` in the Tenda FH1206 router's firmware. It is a stack-based buffer overflow vulnerability that can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The attack can be launched using a specially crafted request. Recommendations: For Tenda FH1206 version 1.2.0.8, as a temporary workaround, consider disabling the `fromSafeClientFilter()`, `fromSafeMacFilter()`, and `fromSafeUrlFilter()` functions until a patch is available. Restrict access to the vulnerable functions to minimize the risk of exploitation. Avoid using the vulnerable functions in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.8(8155) Description: A critical issue affects the function `fromGstDhcpSetSer` of the file `/goform/GstDhcpSetSer`. The manipulation of the argument `dips` leads to a buffer overflow. This can be exploited remotely, allowing an attacker to execute arbitrary commands or cause a denial of service. Recommendations: For Tenda FH1206 version 1.2.0.8(8155), as a temporary workaround, consider disabling the `fromGstDhcpSetSer` function until a patch is available. Restrict access to the `/goform/GstDhcpSetSer` endpoint to minimize the risk of exploitation. Avoid using the `dips` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.8(8155) Description: A critical vulnerability was found in the function `fromqossetting` of the file `/goform/qossetting`. The manipulation of the argument `page` leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For Tenda FH1206 version 1.2.0.8(8155), as a temporary workaround, consider disabling the `fromqossetting` function until a patch is available. Restrict access to the `/goform/qossetting` endpoint to minimize the risk of exploitation. Avoid using the `page` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A301 version 15.13.08.12 **Description** A critical vulnerability has been found in the function `formWifiBasicSet` of the file `/goform/WifiBasicSet`, which is affected by a stack-based buffer overflow due to the manipulation of the `security` argument. This issue can be exploited remotely, potentially leading to a denial of service. The exploit has been publicly disclosed. **Recommendations** For Tenda A301 version 15.13.08.12, as a temporary workaround, consider disabling the `formWifiBasicSet` function until a patch is available. Restrict access to the `/goform/WifiBasicSet` file to minimize the risk of exploitation. Avoid using the `security` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i22 version 1.0.0.3(4687) **Description** A critical issue was found in the function `formApPortalAccessCodeAuth` of the file `/goform/apPortalAccessCodeAuth`. The manipulation of the argument `accessCode/data/acceInfo` leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the `formApPortalAccessCodeAuth` function until a patch is available. Restrict access to the `/goform/apPortalAccessCodeAuth` endpoint to minimize the risk of exploitation. Avoid using the `accessCode/data/acceInfo` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-600 versions up to 2.18 **Description** A critical issue affects the function `soapcgi main` of the file `/soap.cgi`. The manipulation of the argument `service` leads to os command injection. The attack may be initiated remotely. This issue only affects products that are no longer supported by the maintainer. The vendor has confirmed that the product is end-of-life and should be retired and replaced. **Recommendations** For D-Link DIR-600 versions up to 2.18, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer. As a temporary workaround, consider restricting access to the `/soap.cgi` file to minimize the risk of exploitation. Avoid using the `service` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i22 version 1.0.0.3(4687) **Description** A critical issue was found in the `formApPortalPhoneAuth` function of the `/goform/apPortalPhoneAuth` file. The manipulation of the `data` argument leads to a buffer overflow. This can be exploited remotely. The issue is related to the lack of size checking for input data, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the `formApPortalPhoneAuth` function until a patch is available. Restrict access to the `/goform/apPortalPhoneAuth` endpoint to minimize the risk of exploitation. Avoid using the `data` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i22 version 1.0.0.3(4687) **Description** The issue is related to a buffer overflow in the `formApPortalOneKeyAuth` function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be triggered by manipulating the `data` argument in the `/goform/apPortalOneKeyAuth` endpoint. **Recommendations** For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the `formApPortalOneKeyAuth` function until a patch is available. Restrict access to the `/goform/apPortalOneKeyAuth` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i22 version 1.0.0.3(4687) **Description** The issue is related to a buffer overflow in the formApPortalWebAuth function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the manipulation of the `webUserName` and `webUserPassword` arguments in the `/goform/apPortalAuth` endpoint. **Recommendations** For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider restricting access to the `/goform/apPortalAuth` endpoint until a patch is available. Avoid using the `webUserName` and `webUserPassword` arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.