Fizzl

**Name of the Vulnerable Software and Affected Versions** Digital China DCME-520 up to 20250320 **Description** A critical issue has been found in the processing of the file /usr/local/WWW/function/audit/newstatistics/mon merge stat hist.php. The manipulation of the `type name` argument leads to os command injection. This issue can be exploited remotely. **Recommendations** For Digital China DCME-520 up to 20250320, as a temporary workaround, consider restricting access to the file /usr/local/WWW/function/audit/newstatistics/mon merge stat hist.php to minimize the risk of exploitation. Avoid using the `type name` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical issue affects the function `auth asp` of the file `/auth.asp` of the component `jhttpd`. The manipulation of the argument `callback` leads to a stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. Recommendations: For D-Link DI-8100 version 16.07.26A1, as a temporary workaround, consider disabling the `auth asp` function until a patch is available. Restrict access to the vulnerable module `jhttpd` to minimize the risk of exploitation. Avoid using the parameter `callback` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** China Mobile P22g-CIac versions up to 20250305 ZXWT-MIG-P4G4V versions up to 20250305 ZXWT-MIG-P8G8V versions up to 20250305 GT3200-4G4P versions up to 20250305 GT3200-8G8P versions up to 20250305 **Description** A vulnerability was found in the Telnet Service component, leading to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For China Mobile P22g-CIac versions up to 20250305, restrict access to the Telnet Service component to minimize the risk of exploitation. For ZXWT-MIG-P4G4V versions up to 20250305, consider disabling the Telnet Service until a patch is available. For ZXWT-MIG-P8G8V versions up to 20250305, avoid using the Telnet Service until the issue is resolved. For GT3200-4G4P versions up to 20250305, restrict access to the Telnet Service component to minimize the risk of exploitation. For GT3200-8G8P versions up to 20250305, consider disabling the Telnet Service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.