Leetmoon

Name of the Vulnerable Software and Affected Versions: Mercury MNVR816 versions up to 2.0.1.0.5 Description: A vulnerability has been found that allows for files or directories to be made accessible. The issue affects an unknown part of the file /web-static/. It is possible to initiate the attack remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: For Mercury MNVR816 versions up to 2.0.1.0.5, apply restrictive firewalling immediately to mitigate the risk of unauthorized access to files or directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320 version 2.02b01 Description: The issue is related to the disclosure of information in the /cgi-bin/discovery.cgi file of the Web Management Interface component in the D-Link DNS-320 router's firmware. This can be exploited remotely, allowing an attacker to disclose confidential information. The product is end-of-life and should be retired and replaced. Recommendations: For D-Link DNS-320 version 2.02b01, consider retiring and replacing the product as it is end-of-life and no longer supported by the maintainer. As a temporary workaround, restrict access to the /cgi-bin/discovery.cgi file in the Web Management Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-320 version 2.02b01 **Description** A problematic issue has been found in the Web Management Interface of the D-Link DNS-320, specifically in the file /cgi-bin/widget api.cgi. The manipulation of the `getHD`, `getSer`, or `getSys` argument leads to information disclosure. This issue can be exploited remotely, but the complexity of an attack is rather high, and the exploitation is known to be difficult. The product is end-of-life and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling the `/cgi-bin/widget api.cgi` file until the issue is resolved. Restrict access to the Web Management Interface to minimize the risk of exploitation. Avoid using the `getHD`, `getSer`, or `getSys` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects the Web Management Interface component. The manipulation of the `dpi` argument leads to command injection, allowing remote attacks. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface or restricting access to it until a patch is available. Avoid using the `dpi` argument in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects an unknown functionality of the Web Management Interface component. The manipulation of the `name` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available. Restrict access to the Web Management Interface to minimize the risk of exploitation. Avoid using the `name` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects some unknown functionality of the Web Management Interface component. The manipulation of the `suffix-rate-up` argument leads to command injection. The attack can be launched remotely. **Recommendations** For versions up to 2.0.9-hotfix.6, as a temporary workaround, consider restricting access to the Web Management Interface to minimize the risk of exploitation. Avoid using the `suffix-rate-up` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue was found in the Web Management Interface component. The manipulation of the `ecn-up` argument leads to command injection, allowing remote attacks. The exploit has been disclosed publicly. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface or restricting access to it until a patch is available. Avoid using the `ecn-up` argument in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue has been found in the Web Service component, allowing for denial of service through remote attack. The exploit has been disclosed publicly. **Recommendations** For versions up to 2.0.9-hotfix.6, update to a version later than 2.0.9-hotfix.6 to resolve the issue. As a temporary workaround, consider restricting access to the Web Service component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue has been found in the Web Management Interface component. The manipulation of the `ecn-down` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available to prevent command injection attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the `ecn-down` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 **Description** A critical issue affects the Web Management Interface component, where the manipulation of the `src` argument leads to command injection. This can be initiated remotely. **Recommendations** For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available to prevent command injection attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the `src` argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** The issue exists due to insufficient input validation in the Static Routing Configuration Handler component of the Ubiquiti EdgeRouter microprogram. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. The manipulation of the `next-hop-interface` argument leads to command injection. It is possible to launch the attack remotely. **Recommendations** For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the Static Routing Configuration Handler component until a patch is available. Restrict access to the `next-hop-interface` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** A critical issue has been found in the OSPF Handler component of the software, potentially allowing for command injection through the manipulation of the argument area. This can be exploited remotely. The existence of this issue is still uncertain. **Recommendations** For version 2.0.9-hotfix.6, consider restricting access to the OSPF Handler component until a fix is available. As a temporary workaround, avoid using the argument area in the OSPF Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 **Description** The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execute arbitrary commands. This can lead to command injection. The attack may be initiated remotely. **Recommendations** For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the NAT Configuration Handler component until a patch is available. As a temporary workaround, restrict access to the NAT Configuration Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.