Bond

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.31 **Description** An OS command injection flaw exists in the `webs` component. The issue occurs within the `formWpsStart()` function located in the '/goform/formWpsStart' endpoint when processing the `pinCode` variable. This allows for remote exploitation by manipulating the specified argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.32 **Description** A remote buffer overflow exists in the webs component. The issue occurs within the `formWirelessTbl()` function located in the '/goform/formWirelessTbl' endpoint when the `submit-url` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.32 **Description** A buffer overflow can be triggered remotely within the `webs` component. The issue exists in the `formWizSurvey()` function located in the '/goform/formWizSurvey' endpoint. This occurs when manipulating the `ssid`, `manualssid`, `ip`, `mask`, or `gateway` arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.32 **Description** A stack-based buffer overflow can be executed remotely via the `webs` component. The issue exists in an unknown function within the '/goform/formWpsStart' endpoint when manipulating the `pinCode/wlan-url` argument. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** Update Edimax EW-7438RPn to version 1.32 or later. As a temporary workaround, restrict access to the '/goform/formWpsStart' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A flaw exists in several D-Link devices related to command injection. The issue stems from manipulating the `f user` argument within the `cgi myfavorite add/cgi myfavorite set/cgi myfavorite del/cgi myfavorite set sort info/cgi myfavorite remove apkg/cgi myfavorite compare apkg/cgi mycloud auto downlaod` functions located in the `/cgi-bin/gui mgr.cgi` file. This allows for remote exploitation. An exploit for this issue has been published. **Recommendations** D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version after 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in several D-Link devices. The affected element is the `cgi refresh db`/`FTP Server BlockIP Add`/`FTP Server BlockIP Del` function within the `/cgi-bin/app mgr.cgi` file. Manipulation of this function can lead to command injection, and the attack can be executed remotely. The exploit for this issue has been publicly disclosed. **Recommendations** D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version later than 20260205.

**Name of the Vulnerable Software and Affected Versions:** Netgear D6400 version 1.0.0.114 **Description:** A critical vulnerability exists in the `diag.cgi` file of the Netgear D6400. Manipulation of the `host name` argument can lead to os command injection. This issue is remotely exploitable. The exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue was found, affecting the function `formBSSetSitesurvey` of the file `/goform/formBSSetSitesurvey` in the component `webs`. The manipulation of the arguments `wan ipaddr`, `wan netmask`, `wan gateway`, and `wl ssid` can lead to OS command injection. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. Recommendations: As a temporary workaround, consider disabling the `formBSSetSitesurvey` function until a patch is available. Restrict access to the `/goform/formBSSetSitesurvey` endpoint to minimize the risk of exploitation. Avoid using the parameters `wan ipaddr`, `wan netmask`, `wan gateway`, and `wl ssid` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical vulnerability affects the function `formWpsStart` of the file "/goform/formWpsStart" in the component webs. The manipulation of the argument `pinCode` leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. Recommendations: For Belkin F9K1122 version 1.00.33, as a temporary workaround, consider disabling the `formWpsStart` function until a patch is available. Restrict access to the "/goform/formWpsStart" endpoint to minimize the risk of exploitation. Avoid using the `pinCode` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue has been found in the Belkin F9K1122, affecting the function `mp` of the file `/goform/mp` of the component `webs`. The manipulation of the argument `command` leads to os command injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For Belkin F9K1122 version 1.00.33, as a temporary workaround, consider disabling the `mp` function of the `/goform/mp` file until a patch is available. Restrict access to the `webs` component to minimize the risk of exploitation. Avoid using the `command` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue has been found, affecting the function `formSetWanStatic` of the file `/goform/formSetWanStatic` in the component `webs`. The manipulation of the arguments `m wan ipaddr`, `m wan netmask`, `m wan gateway`, `m wan staticdns1`, and `m wan staticdns2` can be directly controlled by an attacker, leading to os command injection. This issue can be exploited remotely. Recommendations: For Belkin F9K1122 version 1.00.33, as a temporary workaround, consider restricting access to the `/goform/formSetWanStatic` endpoint to minimize the risk of exploitation. Avoid using the arguments `m wan ipaddr`, `m wan netmask`, `m wan gateway`, `m wan staticdns1`, and `m wan staticdns2` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.