Buaai0Tteam

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 **Description** A critical issue has been found in the function `cgi get cooliris` of the file `/cgi-bin/photocenter mgr.cgi`. The manipulation of the `path` argument leads to a buffer overflow. This issue can be exploited remotely, allowing an attacker to execute arbitrary commands using a specially crafted POST request. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer, and the vendor has confirmed that the product is end-of-life. **Recommendations** As a temporary workaround, consider disabling the `cgi get cooliris` function until a replacement or update is available. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `path` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability. It is recommended to retire and replace the affected products.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the `cgi set cover()` function of the `/cgi-bin/photocenter mgr.cgi` file. This vulnerability can be exploited remotely by manipulating the `album name` argument, allowing an attacker to execute arbitrary commands using a specially crafted POST request. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents where this issue was exploited. **Recommendations** As a temporary workaround, consider disabling the `cgi set cover()` function until a patch is available. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `album name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814 **Description** The issue affects the function `cgi del photo` of the file `/cgi-bin/photocenter mgr.cgi`. The manipulation of the argument `current path` leads to buffer overflow. This can be exploited remotely. The products affected by this issue are no longer supported by the maintainer and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `cgi del photo` function until the issue is resolved. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `current path` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814 **Description** A critical issue affects the function `cgi get fullscreen photos` of the file `/cgi-bin/photocenter mgr.cgi`. The manipulation of the argument `user` leads to a buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. The vendor confirmed that the product is end-of-life and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `cgi get fullscreen photos` function until a replacement is available. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `user` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability. It is recommended to retire and replace the affected products.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814 **Description** The issue is related to a buffer overflow vulnerability in the `cgi move photo()` function of the `/cgi-bin/photocenter mgr.cgi` file. This vulnerability can be exploited remotely by manipulating the `photo name` argument, allowing an attacker to execute arbitrary commands using a specially crafted POST request. The vulnerability affects products that are no longer supported by the maintainer and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `cgi move photo()` function until the issue is resolved. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `photo name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 **Description** A critical issue affects the function `cgi create album` of the file `/cgi-bin/photocenter mgr.cgi`. The manipulation of the argument `current path` leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. The vendor confirmed that the product is end-of-life and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `cgi create album` function until the issue is resolved. Restrict access to the `/cgi-bin/photocenter mgr.cgi` file to minimize the risk of exploitation. Avoid using the `current path` argument in the affected API endpoint until the issue is resolved. Since the products are end-of-life, the recommended course of action is to retire and replace them. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 **Description** A critical issue affects the function `cgi audio search`, `cgi create playlist`, `cgi get album all tracks`, `cgi get alltracks editlist`, `cgi get artist all album`, `cgi get genre all tracks`, `cgi get tracks list`, `cgi set airplay content`, and `cgi write playlist` of the file `/cgi-bin/myMusic.cgi`. This issue leads to command injection and can be exploited remotely. The exploit has been disclosed to the public. Note that this issue only affects products that are no longer supported by the maintainer and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `cgi audio search`, `cgi create playlist`, `cgi get album all tracks`, `cgi get alltracks editlist`, `cgi get artist all album`, `cgi get genre all tracks`, `cgi get tracks list`, `cgi set airplay content`, and `cgi write playlist` functions of the `/cgi-bin/myMusic.cgi` file until a patch is available. Restrict access to the `/cgi-bin/myMusic.cgi` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.