Bienpnn

Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-11 Synology Router Manager versions prior to 1.3.1-9346-8 Description: The issue is related to the AirPrint functionality in Synology Router Manager, where code is loaded without integrity checks. This allows a remote attacker to execute arbitrary code, potentially via man-in-the-middle attacks. Recommendations: For Synology Router Manager versions prior to 1.2.5-8227-11, update to version 1.2.5-8227-11 or later. For Synology Router Manager versions prior to 1.3.1-9346-8, update to version 1.3.1-9346-8 or later.

**Name of the Vulnerable Software and Affected Versions** Windows CD-ROM File System Driver (affected versions not specified) **Description** The issue is related to an integer overflow in the Windows CD-ROM File System Driver. This allows a remote attacker to execute arbitrary code by using a specially crafted ISO file. The vulnerability can be exploited to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P (affected versions not specified) **Description** The issue is related to weaknesses in the authentication procedure of the web interface of the affected routers. This could allow a remote attacker to gain partial administrative privileges and perform unauthorized actions. The vulnerability may also enable an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). **Recommendations** For Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P, consider disabling the web interface until a patch is available. Restrict access to the `upload.cgi` endpoint to minimize the risk of exploitation. Avoid using the `sessionid` variable in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link AC1750 version 1.1.4 Build 20211022 rel.59103(5553) **Description** The issue is related to a read past the end of an allocated buffer in the NetUSB.ko module, which can be exploited by network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. The flaw exists due to the lack of proper validation of user-supplied data. An attacker can leverage this vulnerability to execute code in the context of the root user. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For TP-Link AC1750 version 1.1.4 Build 20211022 rel.59103(5553), consider disabling the NetUSB.ko module as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the vulnerable NetUSB.ko module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.