Chen Xiao

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN575A3 version RPT75A3.V4300 **Description** The issue is caused by a lack of strict length checks on user-controlled data, leading to buffer overflow vulnerabilities. Successful exploitation can result in crashing remote devices or executing arbitrary commands without authorization verification. **Recommendations** For Wavlink WL-WN575A3 version RPT75A3.V4300, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-752DRU version 1.03B01 **Description** The issue is due to a lack of length verification for the `service` field in `gena.cgi`, leading to a buffer overflow. This can cause the remote target device to crash or allow attackers to execute arbitrary commands. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For TRENDnet TEW-752DRU version 1.03B01, as a temporary workaround, consider disabling access to the `gena.cgi` endpoint until a patch is available. Restrict the use of the `service` parameter in the `gena.cgi` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link RE365 version V1 180213 **Description** The issue is related to a buffer overflow vulnerability due to the lack of length verification for the `USER AGENT` field in `/usr/bin/httpd`. This vulnerability can be exploited by attackers to cause the remote target device to crash or execute arbitrary commands. The vulnerability is related to the `USER AGENT` field, which can be exploited by sending specially crafted network packets. **Recommendations** As a temporary workaround, consider disabling the `httpd` service or restricting access to the `/usr/bin/httpd` endpoint until a patch is available. Update the firmware to the latest version to secure the network. Restrict access to the vulnerable `USER AGENT` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-860L version 2.03 **Description** The issue is related to a buffer overflow vulnerability in the gena.cgi file of the D-Link DIR-860L router's firmware. This vulnerability is caused by the lack of length verification for the `SID` field in gena.cgi, allowing an attacker to send a specially crafted POST request to exploit the vulnerability. Successful exploitation can cause the remote target device to crash or execute arbitrary commands. **Recommendations** For D-Link DIR-860L version 2.03, consider disabling the gena.cgi file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `SID` field in the gena.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.