LB-LINK · LB-LINK BL-AC3600 · CVE-2025-4076
**Name of the Vulnerable Software and Affected Versions**
LB-LINK BL-AC3600 versions up to 1.0.22
**Description**
A critical issue affecting the Password Handler component has been discovered. Specifically, it impacts the `easy uci set option string 0` function within the `/cgi-bin/lighttpd.cgi` file. Manipulation of the `routepwd` argument leads to command injection, which can be triggered remotely. The issue has been publicly disclosed; the vendor was notified but did not respond.
**Recommendations**
For LB-LINK BL-AC3600 versions up to 1.0.22, as a temporary workaround, consider disabling the `easy uci set option string 0` function until a patch is available. Restrict access to the `/cgi-bin/lighttpd.cgi` file to minimize the risk of exploitation, and avoid using the `routepwd` argument in the affected component until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.
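As an added example (not code from the advisory or from LB-LINK), the script below shows two defender-side checks for this class of bug: a scanner that reads lighttpd access-log lines and flags requests to `/cgi-bin/lighttpd.cgi` whose `routepwd` value contains shell metacharacters, and an allowlist validator of the kind a CGI handler should apply before the value reaches any command. It assumes the parameter arrives as a GET query string and that lighttpd writes its default CLF-style access log; the log lines are constructed samples. One caveat it makes explicit: a POST body is not recorded in the access log, so the scanner only sees query-string abuse, and a legitimate password may itself contain `$` or `;`, so a hit is a lead to investigate rather than proof of attack.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Characters that let a value break out of a shell command string.
# A genuine password may contain some of these, so a match is a lead, not proof.
SHELL_META = re.compile(r"[;|&`$<>\n\r]|\$\(")

CGI_PATH = "/cgi-bin/lighttpd.cgi"   # path named in the advisory
SUSPECT_PARAM = "routepwd"           # argument named in the advisory

# lighttpd's default accesslog format is CLF-like:
# host ident user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (assumed request shape; not taken from a real device).
SAMPLE_LOG = """\
192.168.1.23 - - [02/May/2025:10:01:02 +0000] "GET /cgi-bin/lighttpd.cgi?routepwd=Summer2025 HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [02/May/2025:10:02:15 +0000] "GET /cgi-bin/lighttpd.cgi?routepwd=pw1%3Becho%20x HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.9 - - [02/May/2025:10:02:16 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 512 "-" "python-requests/2.31"
192.168.1.23 - - [02/May/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def suspicious_values(target):
    """Return decoded routepwd values in a request target that contain shell metacharacters.

    Only the query string is inspected: a POST body never appears in the access log,
    which is a blind spot of log-based detection for this CGI.
    """
    parts = urlsplit(target)
    if parts.path != CGI_PATH:
        return []
    hits = []
    for value in parse_qs(parts.query, keep_blank_values=True).get(SUSPECT_PARAM, []):
        decoded = unquote(value)  # parse_qs decoded once; this also catches double-encoding
        if SHELL_META.search(decoded):
            hits.append(decoded)
    return hits


def scan_log(text):
    """Scan access-log text; yield (timestamp, source, decoded value) for each suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        for value in suspicious_values(m.group("target")):
            findings.append((m.group("ts"), m.group("src"), value))
    return findings


# Allowlist a handler could apply to routepwd before touching it: printable, no shell
# metacharacters, bounded length. The character set and bounds are this example's choice.
ALLOWED_PASSWORD = re.compile(r"^[A-Za-z0-9!@#%^*()_+=\-.,?]{8,63}$")


def accept_routepwd(value):
    """Reject anything that is not a plain password before it reaches uci or a shell."""
    return ALLOWED_PASSWORD.fullmatch(value) is not None


def uci_set_argv(option, value):
    """Build an argv list for uci so the value is never interpreted by a shell.

    The option name is a placeholder argument; the real option set by the device is not
    documented in the advisory. Pass this list to an exec-style call, never to system().
    """
    if not accept_routepwd(value):
        raise ValueError("routepwd rejected by allowlist")
    return ["uci", "set", f"{option}={value}"]


if __name__ == "__main__":
    for ts, src, value in scan_log(SAMPLE_LOG):
        print(f"{ts} {src} suspicious {SUSPECT_PARAM}={value!r}")
```

Run against a real log with `scan_log(open("/var/log/lighttpd/access.log").read())`; pair the query-string check with a reverse-proxy or firewall rule that limits who can reach the CGI at all, since the scanner cannot see POST bodies.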