Jiahui2888

**Name of the Vulnerable Software and Affected Versions** Tenda AC20 version 16.03.08.12 **Description** A stack-based buffer overflow exists in the `formSetPPTPUserList` function within the httpd component. This issue is triggered by manipulating the argument list. The attack can be executed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC20 version 16.03.08.12 **Description** A security flaw exists in Tenda AC20 version 16.03.08.12. The issue resides in the `formSetRebootTimer` function within the `/goform/SetSysAutoRebbotCfg` file of the `httpd` component. Manipulation of the `rebootTime` argument can lead to a stack-based buffer overflow. This allows for remote exploitation. A public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC20 version 16.03.08.12 **Description** A flaw exists in the Tenda AC20 device. Manipulation of the `schedStartTime`/`schedEndTime` arguments within the `httpd` function of the `/goform/openSchedWifi` file can lead to a buffer overflow. This issue can be exploited remotely. A public exploit is available. **Recommendations** Versions prior to 16.03.08.12 are potentially affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-803 versions prior to 1.05 **Description** A flaw exists in D-Link DIR-803, potentially leading to information disclosure. The issue resides within the Configuration Handler component, specifically in the `/getcfg.php` file. Manipulation of the `AUTHORIZED GROUP` argument can trigger the flaw. The attack can be carried out remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported. **Recommendations** Update to version 1.05 or later. As a temporary workaround, restrict access to the `/getcfg.php` file.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.05.14 multi **Description** A flaw exists in Tenda AC9 version 15.03.05.14 multi related to an unknown functionality within the `/cgi-bin/DownloadCfg.jpg` file of the Configuration File Handler component. This issue allows for information disclosure and can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-930L version 1.15.04 **Description** A flaw exists in D-Link DCS-930L version 1.15.04 that allows for remote command injection. The issue is located within the `alphapd` component, specifically in the `/setSystemAdmin` file. Manipulation of the `AdminID` argument can lead to unauthorized command execution. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.