Ltzhuster

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. A remote attacker can exploit this by manipulating the `enable` argument within the `setStaticDhcpRules()` function of the '/cgi-bin/cstecgi.cgi' endpoint. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. This occurs when the `provider` argument is manipulated within the `setDdnsCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or disable the `setDdnsCfg()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. A remote attacker can manipulate the `lang` argument within the `setLanguageCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or the Web Management Interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A security flaw in the Web Management Interface allows remote attackers to perform OS command injection. This occurs through the manipulation of the `resetFlags` argument within the `setUpgradeFW()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the Web Management Interface. A remote attacker can exploit this by manipulating the `mode` argument within the `setScheduleCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. This occurs when the `firewallType` argument is manipulated within the `setFirewallType()` function of the '/cgi-bin/cstecgi.cgi' endpoint, allowing a remote attacker to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A weakness in the Web Management Interface allows for remote OS command injection. This occurs through the manipulation of the `enable` argument within the `setRemoteCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. Remote attackers can exploit this by manipulating the `ip` argument within the `setDiagnosisCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the Web Management Interface. The issue occurs within the `setGameSpeedCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. Remote exploitation is possible by manipulating the `enable` argument, allowing the execution of arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. This occurs through the manipulation of the `command` argument within the `setTracerouteCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the `proto` argument within the '/cgi-bin/cstecgi.cgi' endpoint. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the target machine. **Recommendations** For version 7.1cu.643 b20200521, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `proto` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A flaw in the httpd component allows a remote attack to cause a buffer overflow, which occurs when a program writes more data to a storage area than it can hold. The issue is located in the `fromNatlimitof()` function within the '/goform/Natlimit' file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A remote command injection issue exists in the httpd component. The problem occurs within the `FromWriteFacMac()` function of the `/goform/WriteFacMac` file. Manipulation of the `mac` argument allows a remote attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/WriteFacMac` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow can be triggered remotely within the httpd component. The issue exists in the `formQuickIndex()` function located in the `/goform/QuickIndex` file, where manipulating the `mit linktype` argument leads to the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the CGI Handler component. Remote, unauthenticated attackers can execute arbitrary operating system commands by manipulating the `pptpPassThru` argument within the `setVpnPassCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1202 version 1.2.0.14(408) **Description** A stack-based buffer overflow exists in the httpd component within the `WrlExtraSet()` function of the `/goform/WrlExtraSet` file. This issue can be triggered remotely by manipulating the `Go` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1202 version 1.2.0.14 **Description** A stack-based buffer overflow exists in the `httpd` component within the `fromWrlclientSet()` function of the `/goform/WrlclientSet` file. This issue allows a remote attacker to trigger the overflow by manipulating the `Go` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/goform/WrlclientSet` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A buffer overflow exists in the httpd component of the firmware. The issue occurs within the `fromWrlclientSet()` function located in the `/goform/WrlclientSet` file. Additionally, the `formQuickIndex()` function is susceptible to an out-of-bounds memory operation when processing the `mit linktype` parameter. A remote attacker can exploit these flaws by sending a specially crafted POST request to cause a denial of service or execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F456 version 1.0.0.5 **Description** A remote buffer overflow exists in the `fromP2pListFilter()` function within the `/goform/P2pListFilter` file. This issue occurs when the `menufacturer/Go` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i9 version 1.0.0.5(2204) **Description** A path traversal issue exists in the HTTP Handler component within the `R7WebsSecurityHandlerfunction()` function. This flaw allows remote attackers to manipulate paths to access unauthorized files or directories. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.