
Jason J

#14292 of 53,633
18.8 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2025-37395
9.0
2025-09-14
Unknown · Mercury Km08-708H Giga Wifi Wave2 · CVE-2025-10385
**Name of the Vulnerable Software and Affected Versions**
Mercury KM08-708H GiGA WiFi Wave2 version 1.1

**Description**
A buffer overflow issue exists in the `sub_450B2C` function of the `/goform/mcr_setSysAdm` file. The vulnerability is triggered by manipulating the `ChgUserId` argument, allowing for remote attacks. The exploit for this issue has been publicly disclosed.

**Recommendations**
As a temporary workaround, consider restricting access to the `/goform/mcr_setSysAdm` file to minimize the risk of exploitation. Avoid using the `ChgUserId` parameter in the affected function `sub_450B2C` until the issue is resolved.

PT-2025-36373
9.8
2025-08-29
D Link · Dir-825 · CVE-2025-10034
**Name of the Vulnerable Software and Affected Versions**
D-Link DIR-825 version 1.08.01

**Description**
A buffer overflow issue exists in the `httpd` component of D-Link DIR-825. The `get_ping6_app_stat` function within the `ping6_response.cg` file is affected. Manipulation of the `ping6_ipaddr` argument can trigger the overflow. This issue can be exploited remotely. The exploit has been made public. This vulnerability affects products that are no longer supported by the maintainer.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.