Jimi

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow exists in the httpd component of Tenda F451 version 1.0.0.7. The issue is located in the `fromDhcpListClient` function within the `/goform/DhcpListClient` file. The `page` argument can be manipulated to trigger the overflow, allowing for remote attacks. The exploit is publicly available. Recommendations Update to a newer version of Tenda F451 that addresses this vulnerability. As a temporary workaround, consider restricting access to the `fromDhcpListClient` function or disabling the affected functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow exists in the `WrlclientSet` function of the `httpd` component, specifically within the file `/goform/WrlclientSet`. The vulnerability is triggered by manipulating the `GO` argument. This manipulation can be initiated remotely. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/WrlclientSet` file.

**Name of the Vulnerable Software and Affected Versions** Tenda F451 version 1.0.0.7 **Description** A flaw in the `fromRouteStatic()` function within the `/goform/RouteStatic` file allows for a remote stack-based buffer overflow. This occurs when the `page` argument is manipulated, enabling a remote attacker to execute the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow exists in the `formWrlsafeset` function of the `/goform/AdvSetWrlsafeset` file. Manipulation of the `mit ssid` argument can trigger this issue. The attack can be initiated remotely and an exploit is publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F451 version 1.0.0.7 **Description** A stack-based buffer overflow exists in the `fromSafeEmailFilter` function located in the `/goform/SafeEmailFilter` file of the Tenda F451. The `page` argument can be manipulated to trigger this overflow, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F451 version 1.0.0.7 **Description** A stack-based buffer overflow occurs due to the manipulation of the `page` argument within the `fromP2pListFilter()` function located in the '/goform/P2pListFilter' file. This issue allows for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `fromP2pListFilter()` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow exists in the `formWrlExtraSet` function located in the `/goform/WrlExtraSet` file of the Tenda F451 device. The `GO` argument can be manipulated to trigger this overflow, potentially allowing for remote code execution. The exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/WrlExtraSet` file.

**Name of the Vulnerable Software and Affected Versions** Tenda i12 version 1.0.0.6(2204) **Description** A flaw exists in the Tenda i12 device. The issue is related to the `formWifiMacFilterGet` function within the `/goform/WifiMacFilterGet` file, which is susceptible to a stack-based buffer overflow when the `index` argument is manipulated. This manipulation can be triggered remotely. A public exploit is available, potentially enabling malicious actors to launch attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i12 version 1.0.0.6(2204) **Description** A security issue exists in Tenda i12 version 1.0.0.6(2204). The `vos strcpy` function within the `/goform/exeCommand` file is susceptible to a stack-based buffer overflow. This occurs through manipulation of the `cmdinput` argument. The attack can be initiated remotely, and an exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i12 version 1.0.0.6(2204) **Description** A security issue has been identified in Tenda i12. The `formwrlSSIDget` function within the `/goform/wifiSSIDget` file is susceptible to a stack-based buffer overflow when the `index` argument is manipulated. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Tenda i12 version 1.0.0.6(2204): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WhatsUp Gold versions prior to 2024.0.3 **Description** A database manipulation issue allows an unauthenticated attacker to modify the contents of `WhatsUp.dbo.WrlsMacAddressGroup`. This enables attackers to tamper with the database without authentication. **Recommendations** For versions prior to 2024.0.3, update to version 2024.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `NmConfigurationManager.exe` to minimize the risk of exploitation. Avoid using the `WhatsUp.dbo.WrlsMacAddressGroup` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical issue has been found, affecting an unknown functionality of the file /classes/SystemSettings.php?f=update settings. This allows for unrestricted upload and can be exploited remotely. The issue has been publicly disclosed. **Recommendations** For version 1.0, consider disabling the functionality related to the file /classes/SystemSettings.php?f=update settings to prevent unrestricted upload until a fix is available. Restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.