Ltzhust2

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. This occurs when the `admpass` argument is manipulated within the `setPasswordCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the Web Management Interface. A remote attacker can manipulate the `enable` argument within the `setParentalRules()` function of the '/cgi-bin/cstecgi.cgi' endpoint to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the Web Management Interface. This issue occurs within the `setAccessDeviceCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. A remote attacker can trigger this by manipulating the `mac` argument, allowing for the execution of arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A security flaw allows remote OS command injection via the manipulation of the `enable` argument. This issue occurs within the `setAppFilterCfg()` function located in the "/cgi-bin/cstecgi.cgi" endpoint. **Recommendations** For version 7.1cu.643 b20200521, restrict access to the "/cgi-bin/cstecgi.cgi" endpoint or temporarily disable the `setAppFilterCfg()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A remote OS command injection exists in the CGI Handler component. The issue occurs within the `setVpnAccountCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint when manipulating the `User` argument. **Recommendations** Update Totolink A8000RU version 7.1cu.643 b20200521 to a patched version. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `User` parameter within the `setVpnAccountCfg()` function.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the CGI Handler component. The issue occurs because the `setOpenVpnClientCfg()` function in the '/cgi-bin/cstecgi.cgi' endpoint fails to adequately sanitize input from the `enabled` argument. This allows a remote, unauthenticated attacker to execute arbitrary operating system commands by sending a specially crafted HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the '/cgi-bin/cstecgi.cgi' endpoint or disabling the `setOpenVpnClientCfg()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the CGI Handler component. A remote attacker can exploit this by manipulating the `maxRtrAdvInterval` argument within the `setRadvdCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `maxRtrAdvInterval` parameter.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the CGI Handler component. A remote attacker can exploit this by manipulating the `wifiOff` argument within the `setWiFiBasicCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** Update Totolink A8000RU version 7.1cu.643 b20200521 to a patched version. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `wifiOff` argument until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A security flaw in the CGI Handler component allows remote attackers to perform OS command injection. This occurs through the manipulation of the `merge` argument within the `setWiFiEasyGuestCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow exists in the `fromSafeClientFilter()` function within the `/goform/SafeClientFilter` file. This issue can be triggered remotely by manipulating the `menufacturer/Go` argument, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A remote buffer overflow occurs in the `fromSafeMacFilter()` function within the `/goform/SafeMacFilter` file. This issue is triggered by the manipulation of the `page` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow can be triggered remotely via the manipulation of the `page` argument in the `fromRouteStatic()` function within the '/goform/RouteStatic' file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow exists in the `SafeEmailFilter()` function within the `/goform/SafeEmailFilter` file. This issue occurs when the `page` argument is manipulated, allowing a remote attacker to trigger the flaw. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/SafeEmailFilter` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow can be triggered remotely via the `fromaddressNat()` function within the `/goform/addressNat` file. This occurs through the manipulation of the `menufacturer/Go` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN579A3 version 220323 **Description** A cross site scripting issue exists in the function `sub 401F80()` within the '/cgi-bin/login.cgi' file. This occurs due to the improper manipulation of the `Hostname` argument, allowing for remote exploitation. **Recommendations** Upgrade the affected component to the fixed version released by the vendor.

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in Totolink A7100RU 7.4cu.2313 b20191024. The `setTtyServiceCfg` function within the CGI Handler component, located in the file `/cgi-bin/cstecgi.cgi`, is susceptible to os command injection. Manipulation of the `ttyEnable` argument can lead to remote code execution. The exploit for this issue has been publicly disclosed. Recommendations Disable the `setTtyServiceCfg` function in `/cgi-bin/cstecgi.cgi` until a patch is available.

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU router, specifically within the CGI Handler component. Manipulation of the `proto` argument in the `setNetworkCfg` function of the `/cgi-bin/cstecgi.cgi` file can lead to operating system command injection. This attack can be initiated remotely. Recommendations For Totolink A7100RU version 7.4cu.2313 b20191024, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the `enable` argument in the `setAppCfg` function via the '/cgi-bin/cstecgi.cgi' endpoint can lead to OS command injection. The attack can be launched remotely. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The `setTracerouteCfg` function within the `/cgi-bin/cstecgi.cgi` component (CGI Handler) is susceptible to OS command injection through manipulation of the `command` argument. This allows for remote attacks. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file.

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The issue is due to a flaw in the `setRadvdCfg` function within the CGI Handler component, specifically in the file `/cgi-bin/cstecgi.cgi`. Manipulation of the `maxRtrAdvInterval` argument can lead to operating system command injection. This can be initiated remotely. The exploit has been made publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability.