Georgios Kambourakis

**Name of the Vulnerable Software and Affected Versions** Mist Community Edition versions up to 4.7.1 **Description** A vulnerability was found in the function `session start response` of the file `src/mist/api/auth/middleware.py`. This issue leads to cross-site request forgery and can be initiated remotely. **Recommendations** For Mist Community Edition versions up to 4.7.1, upgrade to version 4.7.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Mist Community Edition versions up to 4.7.1 **Description** A critical issue has been found, affecting the `create token` function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has been publicly disclosed and may be exploited. **Recommendations** For Mist Community Edition versions up to 4.7.1, upgrade to version 4.7.2 to address this issue. As a temporary workaround, consider restricting access to the `create token` function of the API Token Handler component until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Mist Community Edition versions up to 4.7.1 **Description** A problematic issue has been found in the Authentication Endpoint component, specifically in the Login function of the file src/mist/api/views.py. The manipulation of the `return to` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For Mist Community Edition versions up to 4.7.1, upgrade to version 4.7.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Mist Community Edition versions up to 4.7.1 **Description** A problem was found in the function `tag resources` of the file `src/mist/api/tag/views.py`. The manipulation of the argument `tag` leads to cross-site scripting. The attack may be initiated remotely. It is reported that the estimated number of potentially affected devices is not provided. **Recommendations** For Mist Community Edition versions up to 4.7.1, upgrade to version 4.7.2 to address this issue. As a temporary workaround, consider restricting access to the `tag resources` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** ASUS ROG Rapture GT-AX11000 versions prior to 3.0.0.4.386.45898 RT-AX3000 versions prior to 3.0.0.4.386.45898 RT-AX55 versions prior to 3.0.0.4.386.45898 RT-AX56U versions prior to 3.0.0.4.386.45898 RT-AX56U V2 versions prior to 3.0.0.4.386.45898 RT-AX58U versions prior to 3.0.0.4.386.45898 RT-AX82U versions prior to 3.0.0.4.386.45898 RT-AX82U GUNDAM EDITION versions prior to 3.0.0.4.386.45898 RT-AX86 Series(RT-AX86U/RT-AX86S) versions prior to 3.0.0.4.386.45898 RT-AX86U ZAKU II EDITION versions prior to 3.0.0.4.386.45898 RT-AX88U versions prior to 3.0.0.4.386.45898 RT-AX92U versions prior to 3.0.0.4.386.45898 TUF Gaming AX3000 versions prior to 3.0.0.4.386.45898 TUF Gaming AX5400 (TUF-AX5400) versions prior to 3.0.0.4.386.45898 ASUS ZenWiFi XD6 versions prior to 3.0.0.4.386.45898 ASUS ZenWiFi AX (XT8) versions prior to 3.0.0.4.386.45898 RT-AX68U versions prior to 3.0.0.4.386.45911 **Description** A brute-force protection bypass in CAPTCHA protection allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. **Recommendations** For ASUS ROG Rapture GT-AX11000, update to version 3.0.0.4.386.45898 or later. For RT-AX3000, update to version 3.0.0.4.386.45898 or later. For RT-AX55, update to version 3.0.0.4.386.45898 or later. For RT-AX56U, update to version 3.0.0.4.386.45898 or later. For RT-AX56U V2, update to version 3.0.0.4.386.45898 or later. For RT-AX58U, update to version 3.0.0.4.386.45898 or later. For RT-AX82U, update to version 3.0.0.4.386.45898 or later. For RT-AX82U GUNDAM EDITION, update to version 3.0.0.4.386.45898 or later. For RT-AX86 Series(RT-AX86U/RT-AX86S), update to version 3.0.0.4.386.45898 or later. For RT-AX86U ZAKU II EDITION, update to version 3.0.0.4.386.45898 or later. For RT-AX88U, update to version 3.0.0.4.386.45898 or later. For RT-AX92U, update to version 3.0.0.4.386.45898 or later. For TUF Gaming AX3000, update to version 3.0.0.4.386.45898 or later. For TUF Gaming AX5400 (TUF-AX5400), update to version 3.0.0.4.386.45898 or later. For ASUS ZenWiFi XD6, update to version 3.0.0.4.386.45898 or later. For ASUS ZenWiFi AX (XT8), update to version 3.0.0.4.386.45898 or later. For RT-AX68U, update to version 3.0.0.4.386.45911 or later.

**Name of the Vulnerable Software and Affected Versions** ASUS ROG Rapture GT-AX11000 versions prior to 3.0.0.4.386.45898 RT-AX3000 versions prior to 3.0.0.4.386.45898 RT-AX55 versions prior to 3.0.0.4.386.45898 RT-AX56U versions prior to 3.0.0.4.386.45898 RT-AX56U V2 versions prior to 3.0.0.4.386.45898 RT-AX58U versions prior to 3.0.0.4.386.45898 RT-AX82U versions prior to 3.0.0.4.386.45898 RT-AX82U GUNDAM EDITION versions prior to 3.0.0.4.386.45898 RT-AX86 Series (RT-AX86U/RT-AX86S) versions prior to 3.0.0.4.386.45898 RT-AX86U ZAKU II EDITION versions prior to 3.0.0.4.386.45898 RT-AX88U versions prior to 3.0.0.4.386.45898 RT-AX92U versions prior to 3.0.0.4.386.45898 TUF Gaming AX3000 versions prior to 3.0.0.4.386.45898 TUF Gaming AX5400 (TUF-AX5400) versions prior to 3.0.0.4.386.45898 ASUS ZenWiFi XD6 versions prior to 3.0.0.4.386.45898 ASUS ZenWiFi AX (XT8) versions prior to 3.0.0.4.386.45898 RT-AX68U versions prior to 3.0.0.4.386.45911 **Description** The issue is related to HTTP request smuggling in the web application of the affected devices, allowing a remote unauthenticated attacker to perform a denial-of-service (DoS) attack via sending a specially crafted HTTP packet. **Recommendations** ASUS ROG Rapture GT-AX11000: Update to version 3.0.0.4.386.45898 or later. RT-AX3000: Update to version 3.0.0.4.386.45898 or later. RT-AX55: Update to version 3.0.0.4.386.45898 or later. RT-AX56U: Update to version 3.0.0.4.386.45898 or later. RT-AX56U V2: Update to version 3.0.0.4.386.45898 or later. RT-AX58U: Update to version 3.0.0.4.386.45898 or later. RT-AX82U: Update to version 3.0.0.4.386.45898 or later. RT-AX82U GUNDAM EDITION: Update to version 3.0.0.4.386.45898 or later. RT-AX86 Series (RT-AX86U/RT-AX86S): Update to version 3.0.0.4.386.45898 or later. RT-AX86U ZAKU II EDITION: Update to version 3.0.0.4.386.45898 or later. RT-AX88U: Update to version 3.0.0.4.386.45898 or later. RT-AX92U: Update to version 3.0.0.4.386.45898 or later. TUF Gaming AX3000: Update to version 3.0.0.4.386.45898 or later. TUF Gaming AX5400 (TUF-AX5400): Update to version 3.0.0.4.386.45898 or later. ASUS ZenWiFi XD6: Update to version 3.0.0.4.386.45898 or later. ASUS ZenWiFi AX (XT8): Update to version 3.0.0.4.386.45898 or later. RT-AX68U: Update to version 3.0.0.4.386.45911 or later.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-X1560 version 1.04B04 D-Link DIR-X6060 version 1.11B04 **Description** A denial-of-service attack in WPA2 and WPA3-SAE authentication methods allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames. **Recommendations** For D-Link DIR-X1560 version 1.04B04, update to a newer version that contains a fix for this issue. For D-Link DIR-X6060 version 1.11B04, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-X1860 versions prior to 1.03 RevA1 **Description** The issue is related to an information disclosure in the web interface of the affected device. It allows a remote unauthenticated attacker to send a specially crafted HTTP request to gain knowledge of different absolute paths used by the web application. This is due to insufficient protection of service data. **Recommendations** For D-Link DIR-X1860 versions prior to 1.03 RevA1, update to version 1.03 RevA1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-X1860 versions prior to v1.10WWB09 Beta **Description** The issue is related to a DoS attack in the web application, allowing a remote unauthenticated attacker to reboot the router by sending a specially crafted URL to an authenticated victim, who must visit the URL for the reboot to occur. This is also associated with resource release errors in the Wi-Fi router's firmware, which can be exploited by a remote attacker using a specially crafted web page to cause a denial of service. **Recommendations** For D-Link DIR-X1860 versions prior to v1.10WWB09 Beta, update to version v1.10WWB09 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation. Avoid using the router's web interface from untrusted networks until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-X1860 versions prior to v1.10WWB09 Beta **Description** The issue is related to a reflected cross-site-scripting attack in the web application of the D-Link DIR-X1860. This allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. The vulnerability is associated with the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted web page. **Recommendations** For versions prior to v1.10WWB09 Beta, update to v1.10WWB09 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation. Avoid using the web application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-X1860 versions prior to v1.10WWB09 Beta **Description** The issue is related to a web application vulnerability in the D-Link DIR-X1860 Wi-Fi router's firmware, specifically concerning inadequate handling of HTTP requests. This can be exploited by a remote attacker to send a hidden HTTP request, also known as an HTTP Request Smuggling attack, using specially crafted HTTP packets. The attack allows a remote unauthenticated attacker to perform a Denial of Service (DoS) on the web application by sending a specific HTTP packet. **Recommendations** For versions prior to v1.10WWB09 Beta, update to v1.10WWB09 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation. Avoid using the vulnerable web application until the issue is resolved.