Ku In Hoe

**Name of the Vulnerable Software and Affected Versions** NEXTU FLETA AX1500 WIFI6 version 1.0.3 **Description** A buffer overflow was discovered at the `/boafrm/formIpQoS` API endpoint. This issue allows attackers to cause a Denial of Service (DoS) or potentially execute arbitrary code via a crafted POST request. **Recommendations** For version 1.0.3, consider disabling access to the `/boafrm/formIpQoS` API endpoint until a patch is available to prevent potential exploitation. Restricting the use of this endpoint can help minimize the risk of a Denial of Service (DoS) or arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** NEXTU FLATA AX1500 Router version 1.0.2 **Description** The issue is a buffer overflow vulnerability that allows a remote attacker to execute arbitrary code via the POST request handler component. This enables the attacker to run any code they want, posing a significant risk. **Recommendations** For NEXTU FLATA AX1500 Router version 1.0.2, consider disabling the POST request handler component until a patch is available to prevent exploitation. Restrict access to the router to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.