Joel

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder WordPress plugin versions prior to 3.4.8 Description: The issue arises from the plugin's failure to sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting problem. This allows malicious scripts to be executed, potentially leading to unauthorized actions on the website. Recommendations: For versions prior to 3.4.8, update to version 3.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that appends user input to the DOM until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd service. This occurs when processing the "mitInterface" parameter and "/goform/addressNat" entries for a POST request. The vulnerability allows an attacker to construct a payload that can lead to arbitrary code execution attacks by overwriting the return address of a function. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/addressNat" endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `mitInterface` parameter in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, consider disabling the httpd service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, httpd. The vulnerability occurs when processing the `schedStartTime` and `schedEndTime` parameters for a POST request to the "/goform/openSchedWifi" API endpoint. An attacker can exploit this by constructing a payload that allows for arbitrary code execution attacks. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/openSchedWifi" API endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `schedStartTime` and `schedEndTime` parameters in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, consider temporarily disabling the vulnerable httpd service. For Tenda AC18 version 15.03.05.19(6318) CN, restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The vulnerability occurs when processing the `speed dir` parameter for a POST request to the "/goform/SetSpeedWan" API endpoint. An attacker can exploit this by constructing a payload that allows for arbitrary code execution attacks. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/SetSpeedWan" API endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `speed dir` parameter in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, consider disabling the httpd service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, httpd. The vulnerability occurs when processing the "funcpara1" parameter for a POST request to the "/goform/setcfm" endpoint. This allows an attacker to construct a payload that can carry out arbitrary code execution attacks by overwriting the return address of a function. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/setcfm" endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `funcpara1` parameter in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, consider disabling the httpd service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The vulnerability occurs when processing the "deviceId" and "time" parameters for a POST request to the "/goform/saveParentControlInfo" endpoint. An attacker can exploit this by constructing a payload to carry out arbitrary code execution attacks. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/saveParentControlInfo" endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `deviceId` and `time` parameters in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, consider temporarily disabling the `httpd` service to prevent exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, restrict access to the vulnerable httpd service until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 1.0 V15.03.05.19 multi TD01 Tenda AC9 version 1.0 V15.03.05.19(6318) CN Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC15 version 1.0 V15.03.05.19 multi TD01 Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The vulnerability occurs when processing the "list" parameter for a POST request to the "/goform/SetNetControlList" endpoint. A value is directly used in a strcpy to a local variable on the stack, overwriting the return address of a function. This allows an attacker to construct a payload for arbitrary code execution attacks. **Recommendations** For Tenda AC6 version 1.0 V15.03.05.19 multi TD01, consider disabling the httpd service until a patch is available. For Tenda AC9 version 1.0 V15.03.05.19(6318) CN, restrict access to the "/goform/SetNetControlList" endpoint to minimize the risk of exploitation. For Tenda AC9 version 3.0 V15.03.06.42 multi, avoid using the `list` parameter in the affected API endpoint until the issue is resolved. For Tenda AC15 version 1.0 V15.03.05.19 multi TD01, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, consider disabling the `httpd` service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** conference-scheduler-cli (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via a crafted .pickle file. This is demonstrated by Python code that contains an `os.system` call, which can be used to execute system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Confire version 0.2.0 **Description** A vulnerability exists in the YAML parsing functionality due to the use of the yaml.load function to load user-specific configuration from ~/.confire.yaml. This allows a YAML parser to execute arbitrary Python commands, resulting in command execution. An attacker can exploit this by inserting Python code into loaded YAML. **Recommendations** For Confire version 0.2.0, consider disabling the yaml.load function in config.py until a patch is available to prevent arbitrary command execution. Restrict access to the ~/.confire.yaml file to minimize the risk of exploitation. Avoid using the yaml.load function to load user-specific configuration files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** django make app version 0.1.3 **Description** The issue concerns the YAML parsing functionality in the `read yaml file` method within `io utils.py`. This allows a YAML parser to execute arbitrary Python commands, resulting in command execution. An attacker can exploit this by inserting Python code into loaded YAML files. **Recommendations** For django make app version 0.1.3, consider disabling the `read yaml file` method in `io utils.py` until a patch is available to prevent the execution of arbitrary Python commands. Restrict the loading of YAML files to trusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OwlMixin versions prior to 2.0.0a12 **Description** The issue exists in the YAML loading functionality of util.py, where a "Load YAML" string or file can execute arbitrary Python commands. This is due to the use of `load` instead of `safe load`, allowing an attacker to insert Python into loaded YAML and trigger command execution. **Recommendations** For versions prior to 2.0.0a12, update to version 2.0.0a12 or later to resolve the issue. As a temporary workaround, consider disabling the `load yaml` and `load yamlf` functions in util.py until a patch is available. Restrict access to YAML loading functionality to minimize the risk of exploitation. Avoid using the `load` function for YAML loading; instead, use the `safe load` function to prevent arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** MLAlchemy versions prior to 0.2.2 **Description** A vulnerability exists in the YAML parsing functionality. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands, resulting in command execution. This occurs because the `load` function is used where `safe load` should have been used. An attacker can insert Python into loaded YAML to trigger this issue. **Recommendations** For versions prior to 0.2.2, update to version 0.2.2 or later to resolve the issue. As a temporary workaround, consider modifying the `parse yaml query` method in `parser.py` to use `safe load` instead of `load` to prevent arbitrary command execution.