Chuan Qin

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-1520 version REVA FIRMWARE 1.10B04 BETA02 HOTFIX **Description** A NULL pointer dereference in the `plugins call handle uri clean` function allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. The issue is related to errors in pointer dereference due to incorrect checking of the HTTP request format. Exploitation of the issue may allow a remote attacker to cause a denial of service by sending specially crafted HTTP requests. **Recommendations** For D-Link DAP-1520 version REVA FIRMWARE 1.10B04 BETA02 HOTFIX, as a temporary workaround, consider disabling the `plugins call handle uri clean` function until a patch is available. Restrict access to the vulnerable `plugins call handle uri clean` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly. To exploit, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface of the affected routers. This could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface of the affected routers. This could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is due to insufficient validation of user fields within incoming HTTP packets in the web-based management interface. An attacker could exploit this by sending a crafted request to the web-based management interface, potentially allowing them to execute arbitrary commands on an affected device with root-level privileges or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. The vulnerability is also described as a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code using a specially formed HTTP packet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W Wireless-N VPN Firewall versions not specified Cisco Small Business RV130 Series VPN Router versions not specified Cisco Small Business RV130W Wireless-N Multifunction VPN Router versions not specified Cisco Small Business RV215W Wireless-N VPN Router versions not specified **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface. This could allow a remote attacker with valid Administrator credentials to execute arbitrary commands on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker could exploit this by sending a crafted request to the web-based management interface. **Recommendations** For Cisco Small Business RV110W Wireless-N VPN Firewall, restrict access to the web-based management interface until a fix is available. For Cisco Small Business RV130 Series VPN Router, consider disabling remote management capabilities to minimize the risk of exploitation. For Cisco Small Business RV130W Wireless-N Multifunction VPN Router, avoid using the web-based management interface for critical operations until the issue is resolved. For Cisco Small Business RV215W Wireless-N VPN Router, limit access to the device to only necessary personnel to reduce the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface of the affected routers. This could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. This can be achieved by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. This is also due to a buffer overflow in memory. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly. To exploit, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of the affected routers, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W Wireless-N VPN Firewall versions not specified Cisco Small Business RV130 Series VPN Router versions not specified Cisco Small Business RV130W Wireless-N Multifunction VPN Router versions not specified Cisco Small Business RV215W Wireless-N VPN Router versions not specified **Description** The vulnerability is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface of the affected devices. This could allow an authenticated, remote attacker to execute arbitrary commands on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker would need to have valid Administrator credentials on the affected device to exploit this issue. **Recommendations** For Cisco Small Business RV110W Wireless-N VPN Firewall, restrict access to the web-based management interface until a fix is available. For Cisco Small Business RV130 Series VPN Router, restrict access to the web-based management interface until a fix is available. For Cisco Small Business RV130W Wireless-N Multifunction VPN Router, restrict access to the web-based management interface until a fix is available. For Cisco Small Business RV215W Wireless-N VPN Router, restrict access to the web-based management interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. This can be achieved by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. This can be achieved by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. The attacker would need to have valid Administrator credentials on the affected device to exploit these vulnerabilities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets, which could allow a remote attacker to execute arbitrary code or cause a denial of service condition by sending a crafted request to the web-based management interface. The attacker would need to have valid Administrator credentials on the affected device to exploit this issue. **Recommendations** For Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, consider restricting access to the web-based management interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of the affected routers. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified) **Description** The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface, which could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit this, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.