He Nan

**Name of the Vulnerable Software and Affected Versions** TOTOLink X5000R version 9.1.0u.6118-B20201102 TOTOLink A7000R version 9.1.0u.6115-B20201022 **Description** The issue allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. This can be exploited by sending malicious input to the IP field, resulting in a buffer overflow. **Recommendations** For TOTOLink X5000R version 9.1.0u.6118-B20201102, update to a newer version that contains a fix for this issue. For TOTOLink A7000R version 9.1.0u.6115-B20201022, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the IP field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TOTOLink X5000R version 9.1.0u.6118-B20201102 TOTOLink A7000R version 9.1.0u.6115-B20201022 **Description** A Buffer Overflow issue allows a remote attacker to cause a denial of service via the command field. **Recommendations** For TOTOLink X5000R version 9.1.0u.6118-B20201102, consider disabling access to the command field until a patch is available. For TOTOLink A7000R version 9.1.0u.6115-B20201022, restrict access to the command field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RG-EW series home routers and repeaters versions EW 3.0(1)B11P204 through EW 3.0(1)B11P219 RG-NBS and RG-S1930 series switches versions SWITCH 3.0(1)B11P218 through SWITCH 3.0(1)B11P219 RG-EG series business VPN routers versions EG 3.0(1)B11P216 through EG 3.0(1)B11P219 EAP and RAP series wireless access points versions AP 3.0(1)B11P218 through AP 3.0(1)B11P219 NBC series wireless controllers versions AC 3.0(1)B11P86 through AC 3.0(1)B11P219 **Description** A command injection issue allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to "/cgi-bin/luci/api/cmd" via the `remoteIp` field. The issue also allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub 40DA38. **Recommendations** For RG-EW series home routers and repeaters versions EW 3.0(1)B11P204 through EW 3.0(1)B11P219, restrict access to the "/cgi-bin/luci/api/cmd" endpoint to minimize the risk of exploitation. For RG-NBS and RG-S1930 series switches versions SWITCH 3.0(1)B11P218 through SWITCH 3.0(1)B11P219, consider disabling the unifyframe-sgi.elf component until a patch is available. For RG-EG series business VPN routers versions EG 3.0(1)B11P216 through EG 3.0(1)B11P219, avoid using the `remoteIp` field in the affected API endpoint until the issue is resolved. For EAP and RAP series wireless access points versions AP 3.0(1)B11P218 through AP 3.0(1)B11P219, restrict access to the vulnerable module to minimize the risk of exploitation. For NBC series wireless controllers versions AC 3.0(1)B11P86 through AC 3.0(1)B11P219, consider temporarily disabling the sub 40DA38 function until a patch is available.