Calmc1

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 version 3.2 **Description** A critical issue has been found in the function `get ip addr details` of the file `/view/vpn/sxh vpn/sxh vpnlic.php` of the component HTTP POST Request Handler. The manipulation of the argument `ethname` leads to command injection. The attack can be initiated remotely. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DAR-7000 version 3.2, as a temporary workaround, consider disabling the `get ip addr details` function until a patch is available. Restrict access to the `/view/vpn/sxh vpn/sxh vpnlic.php` file to minimize the risk of exploitation. Avoid using the `ethname` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X18 version 9.1.0cu.2024 B20220329 **Description** A critical issue exists in the `setMtknatCfg` function within the `/cgi-bin/cstecgi.cgi` file of the TOTOLINK X18 device. Manipulation of the `mtkhnatEnable` argument can lead to operating system command injection. This allows for remote execution of arbitrary commands. The exploit for this issue has been publicly disclosed and may be used. The vendor was informed of this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.