Kiciot

**Name of the Vulnerable Software and Affected Versions** EFM ipTIME A8004T version 14.18.2 **Description** A stack-based buffer overflow exists in the `formWifiBasicSet()` function within the `/goform/WifiBasicSet` file. This issue can be triggered remotely by manipulating the `security 5g` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/goform/WifiBasicSet` endpoint or avoid using the `security 5g` parameter.

**Name of the Vulnerable Software and Affected Versions** Totolink X5000R version 9.1.0u.6369 B20230113 **Description** A buffer overflow occurs in the `sub 458E40()` function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the `submit-url` argument, allowing for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825M version 1.1.12 **Description** A buffer overflow can be triggered remotely through the manipulation of the `submit-url` argument. This issue occurs within the `sub 414BA8()` function located in the `/boafrm/formWanConfigSetup` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825M version 1.1.12 **Description** A buffer overflow occurs in the `sub 4151FC()` function within the `/boafrm/formVpnConfigSetup` file. This issue allows remote exploitation through the manipulation of the `submit-url` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda 4G06 version 04.06.01.29 **Description** A flaw exists in Tenda 4G06 version 04.06.01.29 that allows for a remote stack-based buffer overflow. The issue is located within the `fromDhcpListClient` function of the `/goform/DhcpListClient` file, part of the Endpoint component. The overflow is triggered by manipulating the `page` argument. The exploit for this issue has been made public. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/DhcpListClient` file to minimize the risk of exploitation.