Dwbruijn

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions prior to 7.21 **Description** An issue exists in the GCM Authentication Tag Handler within the `mg aes gcm decrypt()` function of the `/src/tls aes128.c` file. This flaw leads to improper verification of cryptographic signatures, which can be exploited remotely. The attack is characterized by high complexity and is considered difficult to execute. **Recommendations** Upgrade to version 7.21.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions prior to 7.21 **Description** A weakness in the TCP Option Handler component allows a remote attacker to cause an infinite loop. This occurs through the manipulation of the `optlen` argument within the `handle opt()` function located in the `/src/net builtin.c` file. **Recommendations** Update to version 7.21.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions up to 7.20 **Description** A weakness exists in Cesanta Mongoose related to insufficiently random values generated by the `mg sendnsreq` function within the DNS Transaction ID Handler component, located in the file `/src/dns.c`. Manipulation of the `random` argument can trigger this issue. The attack can be launched remotely and is considered difficult to exploit, but the exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 7.20 should be updated. As a temporary workaround, consider restricting access to the DNS Transaction ID Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions prior to 7.21 **Description** A security issue exists in Cesanta Mongoose. The `getpeer` function within the TCP Sequence Number Handler component, located in `/src/net builtin.c`, does not properly verify the source of a communication channel. This allows for remote attacks with high complexity and difficult exploitability. The exploit has been publicly disclosed. **Recommendations** Update to version 7.21 or later. As a temporary workaround, consider restricting access to the `getpeer` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose versions prior to 7.21 **Description** A security issue exists in Cesanta Mongoose related to improper verification of cryptographic signatures. The issue resides in the `mg chacha20 poly1305 decrypt` function within the `/src/tls chacha20.c` file, specifically within the Poly1305 Authentication Tag Handler component. The attack can be initiated remotely and is considered to have high complexity, with difficult exploitability. The exploit is publicly available. **Recommendations** Update to version 7.21 or later. As a temporary workaround, consider restricting the use of the `mg chacha20 poly1305 decrypt` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GuardDog versions prior to 2.7.1 **Description** GuardDog is a command-line interface (CLI) tool used to identify malicious PyPI packages. A path traversal flaw exists in the `safe extract()` function, potentially allowing malicious PyPI packages to write files to locations outside the intended extraction directory. This could lead to arbitrary file overwrite and remote code execution. The vulnerable function is `safe extract()`. **Recommendations** Update GuardDog to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** GuardDog versions prior to 2.7.1 **Description** GuardDog, a CLI tool for identifying malicious PyPI packages, contains a flaw in its `safe extract()` function. This function does not validate the size of decompressed files when handling ZIP archives, such as wheels and eggs. This can lead to a denial of service as attackers can utilize zip bombs – small compressed files that expand to consume excessive disk space, potentially gigabytes from a few megabytes of compressed data. **Recommendations** Update to GuardDog version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Tenda W6-S version 1.0.0.4(510) **Description** A flaw exists in the ATE Service component of Tenda W6-S version 1.0.0.4(510). Specifically, the `TendaAte` function within the `/goform/ate` file is susceptible to os command injection through manipulation. This allows for remote execution of commands. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A heap-based buffer overflow exists in the `formSetVlanPolicy` function of the `/goform/setVlanPolicyData` file. Manipulation of the `qvlan truck port` argument can trigger this issue, potentially allowing for remote exploitation. The exploit for this issue has been made public. **Recommendations** Versions prior to 1.0.0.13(4903) are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the `formSetRemoteVlanInfo` function, located in the `/goform/setVlanInfo` file. Manipulation of the `ID/vlan/port` argument can trigger this overflow. The exploit for this issue has been publicly disclosed and may be used to compromise systems remotely. **Recommendations** Versions prior to 1.0.0.13(4903) are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A flaw exists in Tenda M3 version 1.0.0.13(4903) that allows remote attackers to trigger a stack-based buffer overflow. The issue is located in the `formSetRemoteDhcpForAp` function within the `/goform/setDhcpAP` file. Manipulation of the `startip`, `endip`, `leasetime`, `gateway`, `dns1`, and `dns2` arguments can cause the overflow. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A stack-based buffer overflow exists in Tenda M3. The issue is due to manipulation of the `cmdinput` argument within an unknown function of the `/goform/exeCommand` file. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W6-S version 1.0.0.4(510) **Description** A stack-based buffer overflow exists in the R7websSsecurityHandler component of Tenda W6-S. The issue is located in the file `/bin/httpd`. Manipulation of the `Cookie` argument can trigger the overflow. The attack can be launched remotely. A public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13 **Description** A flaw exists in the Tenda M3 router. The `formSetRemoteInternetLanInfo` function within the `/goform/setInternetLanInfo` file is susceptible to a heap-based buffer overflow. Manipulation of the `portIp`, `portMask`, `portGateWay`, `portDns`, and `portSecDns` arguments can trigger this issue. Remote attackers can potentially exploit this weakness. The exploit is publicly available. **Recommendations** Tenda M3 version 1.0.0.13: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A security issue exists in Tenda M3 version 1.0.0.13(4903). The `formSetAdInfoDetails` function within the `/goform/setAdInfoDetail` file is susceptible to a heap-based buffer overflow. This occurs through the manipulation of the following arguments: `adName`, `smsPassword`, `smsAccount`, `weixinAccount`, `weixinName`, `smsSignature`, `adRedirectUrl`, `adCopyRight`, `smsContent`, and `adItemUID`. The issue can be exploited remotely. The exploit code for this issue is publicly available. **Recommendations** For Tenda M3 version 1.0.0.13(4903), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.13(4903) **Description** A flaw exists in the `formSetAdPushInfo` function within the `/goform/setAdPushInfo` file. Manipulation of the `mac/terminal` argument can lead to a stack-based buffer overflow. This issue is potentially exploitable remotely. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/setAdPushInfo` file to minimize the risk of exploitation.