Kkff33

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920 versions prior to 1.1.51 **Description** Command injection is possible via remote attack through the manipulation of the `ussdValue` argument. The issue resides in the `sub 41CF20()` function within the `/boafrm/formUSSDSetup` file. **Recommendations** Update to a version later than 1.1.50. As a temporary workaround, restrict access to the `/boafrm/formUSSDSetup` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920 versions prior to 1.1.51 **Description** A flaw in the `sub 412DA0()` function within the `/boafrm/formIMEISetup` file allows for remote OS command injection. This occurs through the manipulation of the `IMEI value` argument. **Recommendations** Update to a version later than 1.1.50. As a temporary workaround, restrict access to the `/boafrm/formIMEISetup` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920 versions 1.1.50 through 1.1.70 **Description** A command injection issue exists that can be exploited remotely. The problem is located in the `sub 41C8E8()` function within the `/boafrm/formSmsManage` file. An attacker can trigger this by manipulating the `action value` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/boafrm/formSmsManage` file or the `sub 41C8E8()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Farm Management System version 1.0 **Description** A critical issue has been found in the itsourcecode Farm Management System, affecting an unknown functionality of the file /quarantine.php?id=3. The manipulation of the `pigno`, `breed`, and `reason` arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For itsourcecode Farm Management System version 1.0, consider disabling the /quarantine.php file or restricting access to it until a patch is available. Additionally, avoid using the `pigno`, `breed`, and `reason` parameters in the affected API endpoint until the issue is resolved.