Cristofaro Mune

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon Wired Infrastructure and Networking (affected versions not specified) **Description** The issue is related to memory corruption due to a lack of validation of a pointer to a buffer passed to the trustzone in Snapdragon Wired Infrastructure and Networking. This can potentially lead to code execution on Qualcomm IPQ40xx-based devices using a restricted write vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2640B versions prior to EU 4.01B **Description** The issue is related to insufficient input validation, allowing a remote attacker to reset the device's configuration by accessing an unauthenticated URL, such as "/api/v1/reset" or similar. This can lead to a loss of device settings and potentially expose the device to further attacks. **Recommendations** For D-Link DSL-2640B version EU 4.01B and earlier, consider restricting access to unauthenticated URLs as a temporary workaround until a patch is available. Avoid using unauthenticated API endpoints, such as `/api/v1/reset`, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2640B version EU 4.01B **Description** An issue allows authentication to be bypassed when accessing cgi modules, enabling administrative tasks, such as modifying the admin password, without authentication. The vulnerability is related to weaknesses in the authentication procedure of the D-Link DSL-2640B router software, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** For D-Link DSL-2640B version EU 4.01B, as a temporary workaround, consider restricting access to cgi modules until a patch is available. Additionally, restrict administrative tasks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2640B versions prior to the fixed version **Description** The issue is caused by a stack-based buffer overflow in the `do cgi()` function, which processes CGI requests supplied to the device's web server. This can be exploited remotely, allowing an attacker to impact the confidentiality, integrity, and availability of protected information. Unauthenticated exploitation is possible. **Recommendations** For D-Link DSL-2640B versions prior to the fixed version, update to a version that includes a fix for the buffer overflow vulnerability in the `do cgi()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.