G Richter

**Name of the Vulnerable Software and Affected Versions** TP-Link M7350 V3 versions prior to firmware 190531 **Description** The web-based configuration interface is affected by several post-authentication command injection issues. **Recommendations** For versions prior to firmware 190531, update the firmware to version 190531 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR Nighthawk M1 (MR1100) versions prior to 12.06.03 **Description** An issue allows the web-interface Cross-Site Request Forgery token to be stored in a dynamically generated JavaScript file. This token can be embedded in third-party pages and re-used against the Nighthawk web interface, bypassing the intended security benefits of the CSRF-protection token. **Recommendations** For versions prior to 12.06.03, update to version 12.06.03 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR Nighthawk M1 (MR1100) versions prior to 12.06.03 **Description** An issue allows system commands to be executed via the web interface after authentication. **Recommendations** For versions prior to 12.06.03, update to version 12.06.03 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TP-Link M7350 versions prior to firmware 190531 **Description** The issue is related to the lack of data sanitization at the management level, allowing a remote attacker to execute arbitrary commands before authentication. This can be exploited through the web-based configuration interface. **Recommendations** For TP-Link M7350 versions prior to firmware 190531, update the firmware to version 190531 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based configuration interface until the update is applied.