Iot_Res

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP versions prior to 1.12B01 **Description** A flaw in the Firmware Update component allows remote attackers to perform OS command injection. The issue exists within the `tools diagnostic()` function located in the `/tmp/diagnostic` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP versions prior to 1.12B01 **Description** An issue exists in the Firmware Update Handler component within the `cameo dev.sh` file. Specifically, the `platform do upgrade cameo dev()` function fails to sufficiently verify data authenticity. This allows a remote attacker to perform a manipulation, although the attack complexity is high and exploitability is difficult. This issue only affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP version 1.12B01 **Description** An issue exists in the Firmware Update component within the '/www/cgi/ssi' file. This flaw allows for the remote cleartext transmission of sensitive information. The attack is characterized by high complexity and is difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP version 1.12B01 **Description** A weakness in the Firmware Update Handler component affects the `find hwid/new gui update firmware()` function. Remote manipulation of the `dest` argument can lead to insufficient verification of data authenticity. This issue is highly complex to exploit and affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP versions prior to 1.12B01 **Description** An OS command injection issue exists within the `tools diagnostic()` function. This allows for the execution of arbitrary operating system commands through manipulation of the affected function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-821DAP version 1.12B01 **Description** A buffer overflow exists in the Firmware Update component. A remote attacker can trigger this issue by manipulating the `str` argument passed to the `auto update firmware()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX9 version 22.03.01.46 **Description** A security flaw exists in the `image check` function within the `httpd` component of Tenda AX9 version 22.03.01.46. This issue involves the use of a weak hash, allowing for remote attacks. The attack is considered to have a high complexity level and is difficult to exploit. The exploit for this issue has been publicly released and may be used for malicious purposes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2695 version 2.00RC13 **Description** A weakness exists in the cryptographic signature verification process within the Firmware Update Handler component, specifically in the `sub 40C6B8` function. This allows for manipulation, potentially leading to improper verification. The attack can be initiated remotely and is considered highly complex with difficult exploitability. The exploit is publicly available. This issue affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2695 version 2.00RC13 **Description** A security issue exists in the D-Link DAP-2695. The `sub 4174B0` function within the Firmware Update Handler component is susceptible to OS command injection. This allows for remote attacks. The exploit for this issue has been made public. This vulnerability impacts products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda RP3 Pro versions through 22.5.7.93 **Description** A security issue exists in Tenda RP3 Pro up to version 22.5.7.93, specifically within the Firmware Update Handler component. Manipulation of the `current force upgrade pwd` argument in the `force upgrade.sh` file can result in the use of a hard-coded password. This issue can only be exploited locally. The exploit for this issue has been published. **Recommendations** Update to a version later than 22.5.7.93.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2695 version 2.00RC131 **Description** A flaw exists in the D-Link DAP-2695 related to the Firmware Update Handler component. Specifically, the `fwupdater main` function within the `rgbin` file is susceptible to os command injection. This issue can be triggered remotely through manipulation. The maintainer no longer supports the affected product. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda CP6 version 11.10.00.243 **Description** A vulnerability exists in the function `sub 2B7D04` of the `uhttp` component. Manipulation of this function can lead to a risky cryptographic algorithm. This attack can be launched remotely and is characterized by high complexity, with exploitability described as difficult. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Belkin AX1800 version 1.1.00.016 Description: A vulnerability exists due to insufficient verification of data authenticity within the Firmware Update Handler component. This issue can be exploited remotely. The vendor was contacted regarding this disclosure but did not respond. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26 Description: A flaw exists in the Linksys E5600 due to a risky cryptographic algorithm within the `verify gemtek header` function of the `checkFw.sh` file in the Firmware Handler component. The attack can be launched remotely and requires a high level of complexity, with exploitability described as difficult. The vendor was contacted but did not respond. Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable component Firmware Handler to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 6.02CN02 Description: A vulnerability exists in the `FirmwareUpgrade` function of the `boa` component, leading to insufficient verification of data authenticity. The attack can be launched remotely, but is considered difficult to exploit. The exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda G1 version 16.01.7.8(3660) Description: A vulnerability exists in the Tenda G1 device due to insufficient verification of data authenticity within the Firmware Update Handler component. The `check upload file` function is affected, allowing for potential remote code execution. Exploitation is considered difficult, but the exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.13.07.13 Description: A vulnerability exists due to insufficient verification of data authenticity within the Firmware Update Handler component. The affected function is `check fw type`/`split fireware`/`check fw`. This issue can be exploited remotely, though the attack complexity is considered high and exploitation appears difficult. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.