Jiangxiazhe

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002R version 4.0.0-B20230531.1404 **Description** The issue is related to a buffer overflow in the formMapDelDevice interface of the TOTOLINK A3002R router's firmware. This occurs due to the lack of size checking for input data, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. The buffer overflow is specifically caused by the `bandstr` parameter in the formMapDelDevice interface. **Recommendations** For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider disabling the `formMapDelDevice` interface until a patch is available. Restrict access to the `bandstr` parameter in the formMapDelDevice interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel AMG1302-T10B version 2.00(AAJC.16)C0 **Description** A path traversal vulnerability in the web management interface could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device. **Recommendations** For Zyxel AMG1302-T10B version 2.00(AAJC.16)C0, consider restricting access to the web management interface until a fix is available. As a temporary workaround, restrict access to sensitive directories to minimize the risk of exploitation. Avoid using the web management interface for administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: A buffer overflow issue was discovered via the `addrPoolEnd` parameter in the "formDhcpv6s" interface. Recommendations: For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider restricting access to the "formDhcpv6s" interface until a patch is available. Avoid using the `addrPoolEnd` parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.