Ch13Hh

Name of the Vulnerable Software and Affected Versions: Linksys E8450 versions up to 1.2.00.360516 Description: A critical vulnerability was found in the Linksys E8450, affecting the `set device language` function of the `portal.cgi` file in the HTTP POST Request Handler component. The manipulation of the `dut language` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For Linksys E8450 versions up to 1.2.00.360516, as a temporary workaround, consider disabling the `set device language` function until a patch is available. Restrict access to the `portal.cgi` file to minimize the risk of exploitation. Avoid using the `dut language` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C GR-3000AX version V100R007L50 **Description** A critical vulnerability was found in the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument `param` leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue but assesses the risk as low and does not have immediate plans for remediation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `UpdateWanParamsMulti/UpdateIpv6Params` functions until a patch is available. Restrict access to the `/routing/goform/aspForm` file to minimize the risk of exploitation. Avoid using the `param` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** H3C GR-5400AX version V100R009L50 **Description** A critical issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument `param` leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue but assesses the risk as low and does not have immediate plans for remediation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 versions up to V1410 240222 **Description** A critical issue was found in the affected devices, classified as critical. The problem lies in the function `sys login` of the file `/cgi-bin/login.cgi` of the component HTTP POST Request Handler. The manipulation of the argument `login page` leads to buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 versions up to V1410 240222, consider disabling the `sys login` function in the `/cgi-bin/login.cgi` file as a temporary workaround until a patch is available. Restrict access to the `/cgi-bin/login.cgi` file to minimize the risk of exploitation. Avoid using the `login page` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C R2+ProG versions up to 200R004 **Description** A problematic issue was found in the HTTP POST Request Handler component, specifically in the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit BasicSSID/Edit GuestSSIDFor2P4G/Edit BasicSSID 5G/SetAPInfoById of the file /goform/aspForm. The manipulation of the `param` argument leads to denial of service. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For H3C R2+ProG versions up to 200R004, as a temporary workaround, consider restricting access to the /goform/aspForm file to minimize the risk of exploitation. Avoid using the `param` argument in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C Magic R200G versions up to 100R002 **Description** A vulnerability has been found in the HTTP POST Request Handler component, specifically affecting the function Edit BasicSSID, Edit BasicSSID 5G, SetAPWifiorLedInfoById, SetMobileAPInfoById, Asp SetTimingtimeWifiAndLed, AddMacList, EditMacList, AddWlanMacList, and EditWlanMacList of the file /goform/aspForm. The manipulation of the `param` argument leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For H3C Magic R200G versions up to 100R002, as a temporary workaround, consider restricting access to the /goform/aspForm file to minimize the risk of exploitation. Avoid using the `param` argument in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component, affecting unknown code of the file /boafrm/formDMZ. The manipulation of the `submit-url` argument leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider restricting access to the /boafrm/formDMZ file and the HTTP POST Request Handler component until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects the `submit-url` function of the file `/boafrm/formReflashClientTbl` in the HTTP POST Request Handler component, leading to a buffer overflow. This can be exploited remotely. The exploit has been publicly disclosed and may be used. Recommendations: For TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615, consider disabling the `submit-url` function of the `/boafrm/formReflashClientTbl` file in the HTTP POST Request Handler component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the `submit-url` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue has been discovered, affecting the HTTP POST Request Handler component, specifically the file /boafrm/formWsc. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615, consider restricting access to the /boafrm/formWsc file until a patch is available. As a temporary workaround, avoid using the `submit-url` argument in the affected HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue was found in the HTTP POST Request Handler component, specifically affecting unknown code of the file /boafrm/formFilter. The manipulation of the `ip6addr` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler component until a patch is available. Restrict access to the /boafrm/formFilter file to minimize the risk of exploitation. Avoid using the `ip6addr` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of TOTOLINK A3002R and A3002RU. This issue affects some unknown processing of the file /boafrm/formIpQoS. The manipulation of the `mac` argument leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formIpQoS file to minimize the risk of exploitation. Avoid using the `mac` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-880L versions up to 104WWb01 **Description** A critical vulnerability was found in the Request Header Handler component, specifically affecting the function `sub 16570` of the file `/htdocs/ssdpcgi`. The manipulation of the argument `HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID` leads to command injection. This issue can be exploited remotely. The exploit has been publicly disclosed, making it potentially usable. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-880L versions up to 104WWb01, as a temporary workaround, consider restricting access to the `/htdocs/ssdpcgi` file to minimize the risk of exploitation. Additionally, avoid using the `HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC1206 versions up to 15.03.06.23 **Description** A critical issue affects the `setSchedWifi` function of the file `/goform/openSchedWifi`. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tenda AC1206 versions up to 15.03.06.23, consider disabling the `setSchedWifi` function as a temporary workaround until a patch is available. Restrict access to the `/goform/openSchedWifi` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC1206 versions up to 15.03.06.23 **Description** A critical vulnerability was found in Tenda AC1206, affecting the function `formSetCfm` of the file `/goform/setcfm`. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tenda AC1206 versions up to 15.03.06.23, as a temporary workaround, consider disabling the `formSetCfm` function until a patch is available. Restrict access to the `/goform/setcfm` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys FGW3000-AH and FGW3000-HK versions up to 1.0.17.000000 **Description** A critical issue was found, affecting the function `sub 4153FC` of the file `/cgi-bin/sysconf.cgi` in the HTTP POST Request Handler component. The manipulation of the argument `supplicant rnd id en` leads to command injection. This issue can be exploited remotely. **Recommendations** For versions up to 1.0.17.000000, as a temporary workaround, consider disabling the `sub 4153FC` function until a patch is available. Restrict access to the `/cgi-bin/sysconf.cgi` file to minimize the risk of exploitation. Avoid using the argument `supplicant rnd id en` in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys FGW3000-AH and FGW3000-HK versions up to 1.0.17.000000 **Description** A critical issue affects the `control panel sw` function of the `/cgi-bin/sysconf.cgi` file in the HTTP POST Request Handler component. The manipulation of the `filename` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For Linksys FGW3000-AH and FGW3000-HK versions up to 1.0.17.000000, consider disabling the `control panel sw` function as a temporary workaround until a patch is available. Restrict access to the `/cgi-bin/sysconf.cgi` file to minimize the risk of exploitation. Avoid using the `filename` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 **Description** The issue is related to a buffer overflow in the /goform/SetPptpServerCfg form, specifically affecting the `pptp server start ip` and `pptp server end ip` variables. **Recommendations** For Tenda AC7 version 15.03.06.44, as a temporary workaround, consider restricting access to the /goform/SetPptpServerCfg form until a patch is available. Avoid using the `pptp server start ip` and `pptp server end ip` variables in the affected form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tenda AC1206 version 15.03.06.23 **Description** A critical issue is present in the function `form fast setting wifi set` of the file `/goform/fast setting wifi set`, where the manipulation of the argument `ssid/timeZone` leads to a buffer overflow. This can be exploited remotely by sending a specially crafted POST request. Other parameters might also be affected. **Recommendations** For Tenda AC1206 version 15.03.06.23, consider disabling the `form fast setting wifi set` function until a patch is available. Restrict access to the `/goform/fast setting wifi set` endpoint to minimize the risk of exploitation. Avoid using the `ssid` and `timeZone` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.