Elvis Collado

**Name of the Vulnerable Software and Affected Versions** ASUS TM-AC1900 router (affected versions not specified) **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via crafted HTTP header values. This can potentially lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin N300 Dual-Band Wi-Fi Range Extender versions prior to 1.04.10 **Description** The issue allows remote authenticated users to execute arbitrary commands via various parameters in different requests. Specifically, it affects the `sub dir` parameter in a "formUSBStorage" request, `pinCode` parameter in "formWpsStart" or "formiNICWpsStart" requests, `wps enrolee pin` parameter in a "formWlanSetupWPS" request, and unspecified parameters in "formWlanMP", "formBSSetSitesurvey", "formHwSet", or "formConnectionSetting" requests. **Recommendations** For versions prior to 1.04.10, update the firmware to version 1.04.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "formUSBStorage", "formWpsStart", "formiNICWpsStart", "formWlanSetupWPS", "formWlanMP", "formBSSetSitesurvey", "formHwSet", and "formConnectionSetting", until the firmware can be updated. Avoid using the `sub dir`, `pinCode`, and `wps enrolee pin` parameters in the affected requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Valve Steam (affected versions not specified) **Description** The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.