Kee02P

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X6000R version 9.4.0cu.852 B20230719 **Description** An issue discovered in the sub 4117F8 function allows attackers to run arbitrary commands via the `lang` parameter. **Recommendations** For TOTOLINK X6000R version 9.4.0cu.852 B20230719, consider disabling the sub 4117F8 function until a patch is available. Restrict access to the `lang` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X6000R version 9.4.0cu.852 B20230719 **Description** An issue in the TOTOLINK X6000R allows attackers to run arbitrary code via the `sub 410118` function of the `shttpd` program. **Recommendations** For TOTOLINK X6000R version 9.4.0cu.852 B20230719, consider disabling the `sub 410118` function of the `shttpd` program as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-LINK Go-RT-AC750 version v101b03 **Description** The issue is related to the sprintf function in the sub 40E700 function within the cgibin, which is susceptible to stack overflow. This can potentially allow a remote attacker to execute arbitrary commands. The vulnerability is associated with a buffer overflow. **Recommendations** For D-LINK Go-RT-AC750 version v101b03, as a temporary workaround, consider disabling the `sub 40E700` function within the cgibin until a patch is available. Restrict access to the vulnerable cgibin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.