Cha0Yang

**Name of the Vulnerable Software and Affected Versions** Comfast CF-E4 version 2.6.0.1 **Description** A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file `/cgi-bin/mbox-config?method=SET&section=ntp timezone`. Manipulation of the `timestr` argument can lead to unauthorized command execution. The exploit for this issue is publicly available. The vendor was contacted regarding this disclosure but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-931L versions up to 1.13.0 **Description** A flaw exists in D-Link DCS-931L up to version 1.13.0 that allows for operating system command injection. This occurs through manipulation of the `AdminID` argument within the /goform/setSysAdmin file. The attack can be initiated remotely. The exploit is publicly available. This issue impacts products that are no longer supported by the vendor. **Recommendations** Versions up to 1.13.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 521G version 3.1.1-190816 **Description** A flaw exists in the `doSystem` function within the `/goform/setSysAdm` file. Manipulation of the `passwd1` argument can result in command injection. This issue may be exploited remotely. The exploit is publicly available. **Recommendations** Apply updates to address the vulnerability in the `doSystem` function. As a temporary workaround, restrict access to the `/goform/setSysAdm` file. Avoid using the `passwd1` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810 version 1.7.4-141218 **Description** A flaw exists in the rehttpd component of UTT HiPER 810. Specifically, the `sub 4407D4` function within the `/goform/formReleaseConnect` file is susceptible to command injection. Manipulating the `Isp Name` argument can allow for remote execution of commands. The exploit for this issue has been publicly disclosed. **Recommendations** Apply updates to address the vulnerability in the `sub 4407D4` function of the `/goform/formReleaseConnect` file. As a temporary workaround, restrict or disable the use of the `Isp Name` argument.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810 version 1.7.4-141218 **Description** A flaw exists in the `setSysAdm` function within the `/goform/formUser` file. Manipulating the `passwd1` argument can lead to command injection. Remote exploitation is possible. The details of the exploit have been publicly disclosed. The vendor was informed of this disclosure but did not respond. **Recommendations** Apply a fix for the vulnerability in the `setSysAdm` function within the `/goform/formUser` file. As a temporary workaround, restrict access to the `setSysAdm` function until a patch is available. Avoid using the `passwd1` parameter in the `/goform/formUser` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 521G version 3.1.1-190816 **Description** A flaw exists in the function `sub 446B18` located in the file `/goform/formPdbUpConfig`. Manipulation of the `policyNames` argument can result in operating system command injection. This issue is potentially exploitable remotely. The exploit has been publicly disclosed. **Recommendations** Apply mitigations to prevent manipulation of the `policyNames` argument in the `sub 446B18` function of the `/goform/formPdbUpConfig` file.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810 version 1.7.4-141218 **Description** A flaw exists in UTT HiPER 810 that allows for remote command injection. The issue is located in the `sub 43F020` function within the `/goform/formPdbUpConfig` file. Manipulation of the `policyNames` argument can lead to the execution of arbitrary commands. The exploit for this issue is publicly available. **Recommendations** Versions prior to 1.7.4-141218 are not affected. As a mitigation, restrict access to the `/goform/formPdbUpConfig` file. Avoid using the `policyNames` argument in the affected API endpoint `/goform/formPdbUpConfig` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810 version 1.7.4-141218 **Description** A buffer overflow issue exists in the `strcpy` function within the `/goform/setSysAdm` file of UTT HiPER 810. Manipulation of the `passwd1` argument triggers the overflow. Remote exploitation is possible via the `/goform/setSysAdm` API endpoint. The exploit has been published. **Recommendations** Versions prior to 1.7.4-141218 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.