Lena-Lyy02

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W version 1.7.7-171114 **Description** A flaw exists in the `strcpy` function within the `/goform/formRemoteControl` file. Manipulation of the `Profile` argument can lead to a buffer overflow, allowing for remote attacks. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 **Description** A security flaw exists in UTT 进取 520W version 1.7.7-180627. The `strcpy` function within the file `/goform/ConfigWirelessBase` is susceptible to a buffer overflow when the `ssid` argument is manipulated. This allows for remote exploitation. The exploit code has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 **Description** A flaw exists in UTT 进取 520W version 1.7.7-180627 that allows for remote code execution. The issue stems from a buffer overflow in the `strcpy` function located in the file `/goform/formFireWall`. Manipulation of the `GroupName` argument triggers this overflow. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 **Description** A flaw exists in the strcpy function within the /goform/formConfigFastDirectionW file. Manipulation of the `ssid` argument can lead to a buffer overflow, potentially allowing for remote exploitation. The issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W version 1.7.7-171114 **Description** A security issue exists in UTT 进取 512W 1.7.7-171114. The `strcpy` function within the `/goform/formConfigCliForEngineerOnly` file is susceptible to a buffer overflow when the `addCommand` argument is manipulated. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /boafrm/formMultiAP. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, as a temporary workaround, consider restricting access to the /boafrm/formMultiAP file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST request handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU version 3.0.0-B20230809.1615 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically in the file /boafrm/formMultiAP. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK A3002RU version 3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the /boafrm/formMultiAP file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU version 3.0.0-B20230809.1615 **Description** A critical issue affects the HTTP POST Request Handler component due to a buffer overflow when processing the file /boafrm/formSysLog. The manipulation of the `submit-url` argument leads to this overflow. The attack can be initiated remotely. **Recommendations** For TOTOLINK A3002RU version 3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the /boafrm/formSysLog file until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue has been found, affecting an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the HTTP POST Request Handler component to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20230721.1521 **Description** A critical vulnerability was found in the TOTOLINK A702R, affecting unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For TOTOLINK A702R version 4.0.0-B20230721.1521, update the firmware to a newer version to mitigate the risk of buffer overflow via the HTTP POST Request Handler. As a temporary workaround, consider restricting access to the `/boafrm/formSysLog` file and the `submit-url` argument in the HTTP POST Request Handler until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002R version 4.0.0-B20230531.1404 **Description** A critical vulnerability has been found in the HTTP POST Request Handler component of the affected software. The issue is related to the manipulation of the `submit-url` argument, which leads to a buffer overflow. This can be exploited remotely. The exploit has been disclosed publicly. **Recommendations** For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider restricting access to the `/boafrm/formSysLog` file and the `submit-url` argument in the HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical vulnerability was found in the HTTP POST Request Handler component of the affected software. The issue is related to an unknown functionality of the file /boafrm/formMultiAP. The manipulation of the `submit-url` argument leads to a buffer overflow. This can be exploited remotely. **Recommendations** For version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the /boafrm/formMultiAP file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue has been identified, affecting an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the /boafrm/formDMZ file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue affects the TOTOLINK X15, where the manipulation of the `submit-url` argument in the `/boafrm/formWirelessTbl` file of the HTTP POST Request Handler component leads to a buffer overflow. This can be exploited remotely, potentially allowing an attacker to execute arbitrary commands or cause a denial of service by sending a specially crafted POST request to the "API Endpoint: /boafrm/formWirelessTbl". The exploit has been disclosed publicly. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the `/boafrm/formWirelessTbl` API endpoint until a patch is available. Avoid using the `submit-url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically in the file /boafrm/formWsc. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the /boafrm/formWsc file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue affects the unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument `submit-url` leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/boafrm/formSetLg` endpoint until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue has been found in the HTTP POST Request Handler component of the affected software. The manipulation of the `submit-url` argument leads to a buffer overflow. This can be exploited remotely. The issue affects an unknown function of the file `/boafrm/formNtp`. The exploit has been disclosed publicly and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/boafrm/formNtp` file and the `submit-url` argument in the HTTP POST Request Handler until a patch is available. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical vulnerability was found in the HTTP POST Request Handler component of TOTOLINK X15. The issue affects an unknown functionality of the file /boafrm/formDosCfg. The manipulation of the `submit-url` argument leads to a buffer overflow. This attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /boafrm/formDosCfg file until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical vulnerability has been found in the HTTP POST Request Handler of TOTOLINK X15. This affects an unknown part of the file /boafrm/formSaveConfig. The manipulation of the `submit-url` argument leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/boafrm/formSaveConfig` endpoint until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue affects some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/boafrm/formStats` endpoint until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.