Bond_Yes

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn version 1.31 **Description** A stack-based buffer overflow can be executed remotely via the `formHwSet()` function located in the '/goform/formHwSet' endpoint. This occurs through the manipulation of the `Anntena`, `Mcs`, `regDomain`, `nic0Addr`, `nic1Addr`, `wlanAddr`, `wanAddr`, `wlanSSID`, `wlanChan`, `initgain`, `txcck`, `txofdm`, or `submit-url` arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn version 1.31 **Description** A stack-based buffer overflow occurs in the `formWlanMP()` function within the '/goform/formWlanMP' endpoint. This issue is triggered by the manipulation of several arguments, including `ateFunc`, `ateGain`, `ateTxCount`, `ateChan`, `ateRate`, `ateMacID`, `e2pTxPower1`, `e2pTxPower2`, `e2pTxPower3`, `e2pTxPower4`, `e2pTxPower5`, `e2pTxPower6`, `e2pTxPower7`, `e2pTx2Power1`, `e2pTx2Power2`, `e2pTx2Power3`, `e2pTx2Power4`, `e2pTx2Power5`, `e2pTx2Power6`, `e2pTx2Power7`, `ateTxFreqOffset`, `ateMode`, `ateBW`, `ateAntenna`, `e2pTxFreqOffset`, `e2pTxPwDeltaB`, `e2pTxPwDeltaG`, `e2pTxPwDeltaMix`, `e2pTxPwDeltaN`, and `readE2P`. Remote exploitation is possible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn version 1.31 **Description** A weakness in the Content-Type Handler component allows for remote OS command injection. This occurs through the manipulation of multiple arguments, including `ateFunc`, `ateGain`, `ateTxCount`, `ateChan`, `ateRate`, `ateMacID`, `e2pTxPower1`, `e2pTxPower2`, `e2pTxPower3`, `e2pTxPower4`, `e2pTxPower5`, `e2pTxPower6`, `e2pTxPower7`, `e2pTx2Power1`, `e2pTx2Power2`, `e2pTx2Power3`, `e2pTx2Power4`, `e2pTx2Power5`, `e2pTx2Power6`, `e2pTx2Power7`, `ateTxFreqOffset`, `ateMode`, `ateBW`, `ateAntenna`, `e2pTxFreqOffset`, `e2pTxPwDeltaB`, `e2pTxPwDeltaG`, `e2pTxPwDeltaMix`, `e2pTxPwDeltaN`, and `readE2P`, within the `formWlanMP()` function of the '/goform/formWlanMP' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.31 **Description** A stack-based buffer overflow exists in the webs component within the '/goform/mp' file. This issue occurs due to the manipulation of the `webs` argument, allowing a remote attacker to launch an attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn versions prior to 1.31 **Description** Remote OS command injection is possible within the webs component. The issue exists in the `formWizSurvey()` function located in the '/goform/formWizSurvey' endpoint. Manipulation of the `ip/mask/gateway` argument allows an attacker to execute arbitrary operating system commands remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A flaw exists that allows for command injection. This occurs through manipulation of the `/cgi-bin/dsk mgr.cgi` file, specifically within the `FMT rebuild diskmgr`, `FMT create diskmgr`, and `ScanDisk run e2fsck` functions. The attack can be carried out remotely. The exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120: Update to a version after 20260205. D-Link DNR-202L: Update to a version after 20260205. D-Link DNS-315L: Update to a version after 20260205. D-Link DNS-320: Update to a version after 20260205. D-Link DNS-320L: Update to a version after 20260205. D-Link DNS-320LW: Update to a version after 20260205. D-Link DNS-321: Update to a version after 20260205. D-Link DNR-322L: Update to a version after 20260205. D-Link DNS-323: Update to a version after 20260205. D-Link DNS-325: Update to a version after 20260205. D-Link DNS-326: Update to a version after 20260205. D-Link DNS-327L: Update to a version after 20260205. D-Link DNR-326: Update to a version after 20260205. D-Link DNS-340L: Update to a version after 20260205. D-Link DNS-343: Update to a version after 20260205. D-Link DNS-345: Update to a version after 20260205. D-Link DNS-726-4: Update to a version after 20260205. D-Link DNS-1100-4: Update to a version after 20260205. D-Link DNS-1200-05: Update to a version after 20260205. D-Link DNS-1550-04: Update to a version after 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in the `cgi device/cgi sms test/cgi firmware upload/cgi ntp time` function within the `/cgi-bin/system mgr.cgi` file. Successful manipulation of this function can lead to command injection. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001 Linksys RE6300 version 1.0.04.002 Linksys RE6300 version 1.1.05.003 Linksys RE6300 version 1.2.07.001 Linksys RE6350 version 1.0.013.001 Linksys RE6350 version 1.0.04.001 Linksys RE6350 version 1.0.04.002 Linksys RE6350 version 1.1.05.003 Linksys RE6350 version 1.2.07.001 Linksys RE6500 version 1.0.013.001 Linksys RE6500 version 1.0.04.001 Linksys RE6500 version 1.0.04.002 Linksys RE6500 version 1.1.05.003 Linksys RE6500 version 1.2.07.001 Linksys RE7000 version 1.0.013.001 Linksys RE7000 version 1.0.04.001 Linksys RE7000 version 1.0.04.002 Linksys RE7000 version 1.1.05.003 Linksys RE7000 version 1.2.07.001 Linksys RE9000 version 1.0.013.001 Linksys RE9000 version 1.0.04.001 Linksys RE9000 version 1.0.04.002 Linksys RE9000 version 1.1.05.003 Linksys RE9000 version 1.2.07.001 **Description** A vulnerability exists in the `cgiMain` function of the `/cgi-bin/upload.cgi` file. Manipulation of the `filename` argument can lead to operating system command injection. This issue can be exploited remotely. The vulnerability has been publicly disclosed. **Recommendations** Linksys RE6250 versions prior to 1.0.013.001 Linksys RE6250 versions prior to 1.0.04.001 Linksys RE6250 versions prior to 1.0.04.002 Linksys RE6250 versions prior to 1.1.05.003 Linksys RE6250 versions prior to 1.2.07.001 Linksys RE6300 versions prior to 1.0.013.001 Linksys RE6300 versions prior to 1.0.04.001 Linksys RE6300 versions prior to 1.0.04.002 Linksys RE6300 versions prior to 1.1.05.003 Linksys RE6300 versions prior to 1.2.07.001 Linksys RE6350 versions prior to 1.0.013.001 Linksys RE6350 versions prior to 1.0.04.001 Linksys RE6350 versions prior to 1.0.04.002 Linksys RE6350 versions prior to 1.1.05.003 Linksys RE6350 versions prior to 1.2.07.001 Linksys RE6500 versions prior to 1.0.013.001 Linksys RE6500 versions prior to 1.0.04.001 Linksys RE6500 versions prior to 1.0.04.002 Linksys RE6500 versions prior to 1.1.05.003 Linksys RE6500 versions prior to 1.2.07.001 Linksys RE7000 versions prior to 1.0.013.001 Linksys RE7000 versions prior to 1.0.04.001 Linksys RE7000 versions prior to 1.0.04.002 Linksys RE7000 versions prior to 1.1.05.003 Linksys RE7000 versions prior to 1.2.07.001 Linksys RE9000 versions prior to 1.0.013.001 Linksys RE9000 versions prior to 1.0.04.001 Linksys RE9000 versions prior to 1.0.04.002 Linksys RE9000 versions prior to 1.1.05.003 Linksys RE9000 versions prior to 1.2.07.001 Consider disabling the `/cgi-bin/upload.cgi` file to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 **Description:** A stack-based buffer overflow exists in the `setIpv6` function within the `/goform/setIpv6` file. Manipulation of the `tunrd Prefix` argument can trigger the overflow, potentially allowing for remote code execution. The vulnerability has been publicly disclosed. **Recommendations:** Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001 Linksys RE6300 version 1.0.04.002 Linksys RE6300 version 1.1.05.003 Linksys RE6300 version 1.2.07.001 Linksys RE6350 version 1.0.013.001 Linksys RE6350 version 1.0.04.001 Linksys RE6350 version 1.0.04.002 Linksys RE6350 version 1.1.05.003 Linksys RE6350 version 1.2.07.001 Linksys RE6500 version 1.0.013.001 Linksys RE6500 version 1.0.04.001 Linksys RE6500 version 1.0.04.002 Linksys RE6500 version 1.1.05.003 Linksys RE6500 version 1.2.07.001 Linksys RE7000 version 1.0.013.001 Linksys RE7000 version 1.0.04.001 Linksys RE7000 version 1.0.04.002 Linksys RE7000 version 1.1.05.003 Linksys RE7000 version 1.2.07.001 Linksys RE9000 version 1.0.013.001 Linksys RE9000 version 1.0.04.001 Linksys RE9000 version 1.0.04.002 Linksys RE9000 version 1.1.05.003 Linksys RE9000 version 1.2.07.001 At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001 Linksys RE6300 version 1.0.013.001 Linksys RE6350 version 1.0.013.001 Linksys RE6500 version 1.0.013.001 Linksys RE7000 version 1.0.013.001 Linksys RE9000 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6300 version 1.0.04.001 Linksys RE6350 version 1.0.04.001 Linksys RE6500 version 1.0.04.001 Linksys RE7000 version 1.0.04.001 Linksys RE9000 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6300 version 1.0.04.002 Linksys RE6350 version 1.0.04.002 Linksys RE6500 version 1.0.04.002 Linksys RE7000 version 1.0.04.002 Linksys RE9000 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6300 version 1.1.05.003 Linksys RE6350 version 1.1.05.003 Linksys RE6500 version 1.1.05.003 Linksys RE7000 version 1.1.05.003 Linksys RE9000 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.2.07.001 Linksys RE6350 version 1.2.07.001 Linksys RE6500 version 1.2.07.001 Linksys RE7000 version 1.2.07.001 Linksys RE9000 version 1.2.07.001 Description: A stack-based buffer overflow exists in the `portRangeForwardAdd` function within the `/goform/portRangeForwardAdd` file. Manipulation of the `ruleName`, `schedule`, `inboundFilter`, `TCPPorts`, and `UDPPorts` arguments can trigger the overflow. This issue is remotely exploitable. The exploit is publicly available. Recommendations: Linksys RE6250 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow vulnerability exists in the `QoSSetup` function of the `/goform/QoSSetup` file. Manipulation of the `ack policy` argument can trigger the overflow, potentially allowing for remote exploitation. The vendor was contacted regarding this issue but did not respond. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/QoSSetup` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow exists in the `setWan` function of the `/goform/setWan` file. Manipulation of the `DeviceName/lanIp` argument causes the overflow, allowing for potential remote code execution. Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `setWan` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001 Linksys RE6300 version 1.0.013.001 Linksys RE6350 version 1.0.013.001 Linksys RE6500 version 1.0.013.001 Linksys RE7000 version 1.0.013.001 Linksys RE9000 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6300 version 1.0.04.001 Linksys RE6350 version 1.0.04.001 Linksys RE6500 version 1.0.04.001 Linksys RE7000 version 1.0.04.001 Linksys RE9000 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6300 version 1.0.04.002 Linksys RE6350 version 1.0.04.002 Linksys RE6500 version 1.0.04.002 Linksys RE7000 version 1.0.04.002 Linksys RE9000 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6300 version 1.1.05.003 Linksys RE6350 version 1.1.05.003 Linksys RE6500 version 1.1.05.003 Linksys RE7000 version 1.1.05.003 Linksys RE9000 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.2.07.001 Linksys RE6350 version 1.2.07.001 Linksys RE6500 version 1.2.07.001 Linksys RE7000 version 1.2.07.001 Linksys RE9000 version 1.2.07.001 Description: A stack-based buffer overflow exists in the `singlePortForwardAdd` function within the file `/goform/singlePortForwardAdd` of Linksys RE Series range extenders. This flaw allows for remote code execution with root access by manipulating the `ruleName`, `schedule`, or `inboundFilter` arguments. The exploit for this issue has been published. Recommendations: Linksys RE6250 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow exists in the `setSysAdm` function of the `/goform/setSysAdm` file. Manipulation of the `rm port` argument can trigger this issue, allowing for remote code execution. The vulnerability has been publicly disclosed. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/setSysAdm` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A vulnerability exists in the `systemCommand` function of the `/goform/systemCommand` file. Manipulation of the `command` argument can lead to OS command injection. The attack may be launched remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. Recommendations: As a temporary workaround, consider restricting access to the `/goform/systemCommand` file to minimize the risk of exploitation.