Cookedmelon

**Name of the Vulnerable Software and Affected Versions** Yealink SIP-T46U version 108.86.0.118 **Description** A stack-based buffer overflow exists in the Firmware Chunk Upload handler. This occurs when the `uid` argument is manipulated within the `mod upgrade.SparePartsUpload` function of the '/api/upgrade/accupgradebychunk' endpoint. This issue can only be exploited by an attacker located within the local network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yealink SIP-T46U version 108.86.0.118 **Description** Command injection is possible in the Web FastCGI Service via the '/api/diagnosis/start' endpoint. The issue occurs within the `mod diagnose.CommandShellByType()` function when the `Time` argument is manipulated, allowing a remote attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yealink SIP-T46U (affected versions not specified) **Description** A stack-based buffer overflow exists in the Web FastCGI Service. The issue occurs within the `StartReportInformation()` function located in the '/api/inner/beforewifitest' endpoint. An attacker with local network access can trigger this by manipulating the `port` argument. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/api/inner/beforewifitest' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yealink SIP-T46U version 108.86.0.118 **Description** A stack-based buffer overflow occurs in the Firmware Chunk Upload Handler component within the `sprintf()` function of the file `/api/upgrade/upgrade`. This issue is triggered by manipulating the `uid/start offset` argument. Exploitation requires the attacker to be located within the local network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JingDong JD Cloud Box AX6600 version 4.5.3.r4546 **Description** A stack-based buffer overflow occurs in the `set macfilter()` function within the `/sbin/jdcweb rpc` file. This issue allows a remote attacker to initiate an attack by manipulating the affected function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W12 version 3.0.0.7(4763) **Description** A remote denial of service issue exists within the Web Management Interface. The problem occurs in the `cgiSysWebTimeoutSet()` function located in the `/bin/httpd` file. An attacker can trigger this condition by manipulating the `web over time` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W12 version 3.0.0.7(4763) **Description** A stack-based buffer overflow exists in the `cgistaKickOff()` function within the `/bin/httpd` file. This issue allows a remote attacker to trigger the overflow by manipulating the `staMac` argument. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `cgistaKickOff()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda W12 version 3.0.0.7(4763) **Description** A stack-based buffer overflow occurs in the `/bin/httpd` file. The issue is triggered by manipulating the `Time` argument within the `set local time 0()` function, allowing for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W12 version 3.0.0.7(4763) **Description** A stack-based buffer overflow occurs in the `cgiSysTimeInfoSet()` function within the `/bin/httpd` file. This issue allows a remote attacker to trigger the overflow by manipulating the `sec` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W12 version 3.0.0.7(4763) **Description** A stack-based buffer overflow can be triggered remotely via the `/bin/httpd` file. The issue occurs within the `cgiWifiMacFilterSet()` function when the `wifiMacFilterSet.macList.mac` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DCS-6517 versions up to 2.02.0 D-Link DCS-7517 versions up to 2.02.0 Description: A vulnerability was found in the function `generate pass from mac` of the file `/bin/httpd` of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DCS-6517 and DCS-7517 versions up to 2.02.0, consider disabling the `generate pass from mac` function as a temporary workaround until a patch is available. Restrict access to the `/bin/httpd` file to minimize the risk of exploitation. Avoid using the affected products since they are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DCS-7517 versions up to 2.02.0 Description: A vulnerability was found in the Qlync Password Generation Handler component, affecting the function `g F n GenPassForQlync` of the file `/bin/httpd`. The manipulation leads to the use of hard-coded passwords. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DCS-7517 versions up to 2.02.0, as a temporary workaround, consider disabling the `g F n GenPassForQlync` function until a patch is available. Restrict access to the `/bin/httpd` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions up to 7.0.1 **Description** A critical issue has been found in the function `pnm decode frame()` in the `/libavcodec/pnmdec.c` library, which can lead to a heap-based buffer overflow. This can be exploited remotely, potentially allowing for remote code execution via a crafted PNM image. The issue can cause a denial of service. **Recommendations** For FFmpeg versions up to 7.0.1, upgrade to version 7.0.2 to address this issue. As a temporary workaround, consider restricting the use of the `pnm decode frame()` function until a patch is applied. Avoid using the affected component with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical issue affects the processing of the file vmpatientbooking-complete.php, where the manipulation of the `userid`, `apponum`, and `scheduleid` arguments leads to SQL injection. This issue can be initiated remotely. **Recommendations** For SourceCodester Free Hospital Management System for Small Practices version 1.0, consider restricting access to the vmpatientbooking-complete.php file until a patch is available. As a temporary workaround, avoid using the `userid`, `apponum`, and `scheduleid` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical issue was found in the system, affecting an unknown functionality of the file vmpatientedit-user.php. The manipulation of the argument `id00/nic/oldemail/email/spec/Tele` leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `edit-user.php` file until a patch is available. Avoid using the argument `id00/nic/oldemail/email/spec/Tele` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices versions 1.0 through 5.0.12 **Description** A critical issue has been discovered, allowing for SQL injection through the manipulation of the `id00`, `nic`, `oldemail`, `email`, `spec`, and `Tele` arguments in an unknown function of the file `vmdoctoredit-doc.php`. This can be exploited remotely. **Recommendations** For versions 1.0 through 5.0.12, consider restricting access to the `vmdoctoredit-doc.php` file and the affected arguments until a patch is available. As a temporary workaround, avoid using the `id00`, `nic`, `oldemail`, `email`, `spec`, and `Tele` arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical issue has been found in the system, affecting the file appointment.php. The manipulation of the `sheduledate` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider disabling the `sheduledate` argument in the appointment.php file until a patch is available. Restrict access to the appointment.php file to minimize the risk of exploitation. Avoid using the `sheduledate` argument in the affected endpoint until the issue is resolved.