Liu Zhu

**Name of the Vulnerable Software and Affected Versions** TP-LINK EAP Controller versions 2.5.3 and earlier **Description** The issue is related to the lack of user authentication for RMI service commands in the TP-LINK EAP Controller. This allows remote attackers to implement deserialization attacks through the RMI protocol. Successful attacks may enable a remote attacker to control the target server and execute Java functions or bytecode. **Recommendations** For versions 2.5.3 and earlier, consider disabling the RMI service until a patch is available to prevent deserialization attacks. Restrict access to the RMI interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** A heap-based buffer overflow exists in the Exiv2::l2Data function of types.cpp. This issue can be triggered by a crafted input, leading to a denial of service attack. **Recommendations** For Exiv2 version 0.26, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** A heap-based buffer over-read issue exists in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp. This can be triggered by a crafted input, leading to a denial of service attack. **Recommendations** For Exiv2 version 0.26, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** A NULL pointer dereference was discovered in the `Exiv2::Image::printIFDStructure` function in `image.cpp`, which causes a segmentation fault and application crash, leading to denial of service. **Recommendations** For Exiv2 version 0.26, consider applying a patch or fix to resolve the NULL pointer dereference issue in the `Exiv2::Image::printIFDStructure` function to prevent application crashes and denial of service.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** A heap-based buffer overflow exists in the Exiv2::us2Data function of types.cpp. This issue can be triggered by a crafted input, leading to a denial of service attack. **Recommendations** For Exiv2 version 0.26, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** A heap-based buffer overflow exists in the Exiv2::s2Data function of types.cpp. This issue can be triggered by a crafted input, leading to a denial of service attack. **Recommendations** For Exiv2 version 0.26, consider updating to a newer version that contains a fix for this issue, as using a crafted input can lead to a denial of service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.