Jfkk

**Name of the Vulnerable Software and Affected Versions** ipTIME NAS1dual version 1.5.24 **Description** A stack-based buffer overflow can be triggered remotely via the `get csrf whites` function within the '/cgi/advanced/misc main.cgi' endpoint. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EFM ipTIME C200 versions prior to 1.092 **Description** A command injection issue exists in the ApplyRestore Endpoint. This occurs within the `sub 408F90()` function of the '/cgi/iux set.cgi' endpoint when the `RestoreFile` argument is manipulated. This flaw allows a remote attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi/iux set.cgi' endpoint or avoid using the `RestoreFile` argument until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Planet ICG-2510 version 1.0 20250811 **Description** A stack-based buffer overflow exists in the Language Package Configuration Handler component of Planet ICG-2510 version 1.0 20250811. The issue is located in the `sub 40C8E4` function within the `/usr/sbin/httpd` file. Manipulation of the `Language` argument can trigger the overflow, and the attack can be launched remotely. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LB-LINK BL-WR9000 version 2.4.9 **Description** A flaw exists in the `sub 458754` function within the `/goform/set wifi` file. This allows for command injection, which can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Disable or restrict access to the `/goform/set wifi` file to prevent exploitation of the `sub 458754` function.

**Name of the Vulnerable Software and Affected Versions** LB-LINK BL-WR9000 version 2.4.9 **Description** A weakness exists in LB-LINK BL-WR9000 version 2.4.9. The issue is related to the `sub 44E8D0` function within the `/goform/get virtual cfg` file. A manipulation of this function can lead to a stack-based buffer overflow. The attack can be performed remotely. The exploit for this issue is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LB-LINK BL-WR9000 version 2.4.9 **Description** A security issue has been identified in LB-LINK BL-WR9000 version 2.4.9. The issue resides in the `sub 44D844` function within the `/goform/get hidessid cfg` file. Manipulation of this function leads to a buffer overflow, and the attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAYOS FBM-220G version 24.10.19 **Description** A flaw exists in WAYOS FBM-220G version 24.10.19 related to command injection. Manipulation of the arguments `upnp waniface`, `upnp ssdp interval`, and `upnp max age` within the `sub 40F820` function of the `rc` file can allow for remote execution of commands. The vendor was contacted regarding this issue but did not provide a response. **Recommendations** As a temporary workaround, consider restricting or disabling the use of the `upnp waniface`, `upnp ssdp interval`, and `upnp max age` arguments. Disable the `sub 40F820` function if possible. Avoid using the `rc` file if it is not essential for the operation of the system.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7100G C1 version 24.04.18D1 **Description** A flaw exists in the `start proxy client email` function that can allow for command injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.06.42 multi **Description** A flaw exists in the Tenda AC9 device. The `formGetDdosDefenceList` function is susceptible to a stack-based buffer overflow when the `security.ddos.map` argument is manipulated. This issue can be exploited remotely. The exploit code has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.06.42 multi **Description** A security issue exists in the `formGetRebootTimer` function. Manipulation of the `sys.schedulereboot.start time`/`sys.schedulereboot.end time` arguments can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7100G C1 version 24.04.18D1 **Description** A flaw exists in the `set jhttpd info` function that allows for command injection. Manipulating the `usb username` argument can lead to remote exploitation. **Recommendations** Apply updates to address the issue in the `set jhttpd info` function. As a temporary workaround, restrict or disable the use of the `usb username` argument.

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor3900 version 1.5.1.6 **Description** The issue is a command injection vulnerability that allows attackers to execute arbitrary commands via supplying a crafted HTTP message. This is achieved through the `sub 2C920` function at the "/cgi-bin/mainfunction.cgi" API endpoint. **Recommendations** For DrayTek Vigor3900 version 1.5.1.6, consider disabling access to the `/cgi-bin/mainfunction.cgi` API endpoint until a patch is available. Additionally, restrict the use of the `sub 2C920` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor3900 version 1.5.1.6 **Description** The issue is an authenticated command injection vulnerability. It occurs via the `name` parameter in the `run command` function. **Recommendations** For DrayTek Vigor3900 version 1.5.1.6, consider disabling the `run command` function until a patch is available to prevent exploitation of the authenticated command injection vulnerability. Restrict access to the `name` parameter in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor3900 version 1.5.1.6 **Description** The issue is an authenticated command injection vulnerability. It occurs via the `value` parameter in the `filter string` function. **Recommendations** For DrayTek Vigor3900 version 1.5.1.6, as a temporary workaround, consider restricting access to the `filter string` function until a patch is available. Avoid using the `value` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.