Liyansong2018

**Name of the Vulnerable Software and Affected Versions** ToaruOS version 2.0.1 **Description** The issue concerns arbitrary address read vulnerabilities in the `readelf` component of ToaruOS when it parses a crafted ELF file. **Recommendations** For ToaruOS version 2.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToaruOS version 2.0.1 **Description** The issue allows for remote code execution when a crafted ELF file is parsed, due to a global overflow in the readelf component. **Recommendations** For ToaruOS version 2.0.1, consider avoiding the use of readelf to parse untrusted ELF files until a patch is available. As a temporary workaround, restrict access to readelf to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Luadec version 0.9.9 **Description** A heap-buffer overflow issue was discovered in Luadec via the `UnsetPending` function. **Recommendations** For Luadec version 0.9.9, consider disabling the `UnsetPending` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Unicorn Engine versions 2.0.0-rc7 and below **Description** The issue is related to a memory leak in the Unicorn Engine, which occurs via the `uc close` function located at `/my/unicorn/uc.c`. **Recommendations** For Unicorn Engine versions 2.0.0-rc7 and below, consider disabling the `uc close` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unicorn Engine version 1.0.3 **Description** A use-after-free issue was found in the hook function of the Unicorn Engine. **Recommendations** For Unicorn Engine version 1.0.3, consider disabling the hook function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unicorn Engine versions 2.0.0-rc7 and below **Description** A NULL pointer dereference issue was discovered via `qemu ram free`. **Recommendations** For versions 2.0.0-rc7 and below, update to a version above 2.0.0-rc7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Unicorn Engine versions 2.0.0-rc7 **Description** The issue is caused by an incomplete unicorn engine initialization, leading to memory leaks. **Recommendations** For Unicorn Engine version 2.0.0-rc7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** elfspirit versions prior to 1.1 **Description** The issue is related to an out-of-bounds read bug in the ELF file format analysis. This bug can cause application crashes or information leakage. By constructing a specially formatted ELF file, it is possible to leak information from any address. **Recommendations** For versions prior to 1.1, update to version 1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-2640-US version 1.01B04 **Description** The issue is related to Incorrect Access Control in the D-Link DIR-2640-US router. When setting up PPPoE, the router starts the quagga process, which uses the default password and port, allowing an attacker to easily log in using telnet. This enables the attacker to modify routing information, monitor traffic of all devices under the router, hijack DNS, and conduct phishing attacks. The interface in question may be perceived as a backdoor due to its exposure. **Recommendations** For D-Link DIR-2640-US version 1.01B04, consider disabling the quagga process or changing the default password and port used by this process to prevent unauthorized access until a patch is available. Restrict access to the telnet interface to minimize the risk of exploitation. Avoid using the default settings for PPPoE configuration to reduce the vulnerability to attacks.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524 TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524 **Description** The issue allows for Cross Site Request Forgery (CSRF) attacks. Since all configuration information is placed in the URL without additional token authentication, a malicious link opened by the switch administrator can lead to the modification of the switch's password and tampering with the configuration file. **Recommendations** For TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524, avoid using links from untrusted sources to prevent potential CSRF attacks. For TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524, avoid using links from untrusted sources to prevent potential CSRF attacks. As a temporary workaround, consider restricting access to the switch's configuration interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524 TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524 **Description** The issue is caused by an Array index error in the interface that provides the device description function. This function only checks the length of the received data and does not filter special characters, leading to a crash of the application and erasure of all device configuration information. **Recommendations** For TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524, consider disabling the device description function until a patch is available to prevent potential crashes and data loss. For TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524, consider disabling the device description function until a patch is available to prevent potential crashes and data loss. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-2640-US version 1.01B04 **Description** The issue is related to insufficiently protected credentials. The D-Link AC2600 (DIR-2640) stores the device system account password in plain text and does not utilize Linux user management. Furthermore, all devices have the same password, which cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. **Recommendations** For D-Link DIR-2640-US version 1.01B04, consider disabling access to the serial port as a temporary workaround to minimize the risk of exploitation. Restricting root privileges until a proper fix is available is also advisable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.