Ltzhuster2

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A weakness in the Web Management Interface allows for remote OS command injection. This occurs through the manipulation of the `enable` argument within the `setMacFilterRules()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. This occurs when the `wscDisabled` argument is manipulated within the `setWiFiWpsCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the Web Management Interface. The flaw is located in the `setQosCfg()` function within the '/cgi-bin/cstecgi.cgi' endpoint. Remote exploitation is possible by manipulating the `enable` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A security flaw in the Web Management Interface allows for remote OS command injection. The issue exists within the `setWiFiAdvancedCfg()` function located in the '/cgi-bin/cstecgi.cgi' endpoint. An attacker can trigger this by manipulating the `bgProtection` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection flaw exists in the Web Management Interface. A remote attacker can execute this by manipulating the `enable` argument within the `setL2tpServerCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F1202 version 1.2.0.20(408) **Description** A stack-based buffer overflow occurs due to the manipulation of the `opttype` argument within the `fromPptpUserAdd()` function located in the `/goform/PptpUserAdd` file. This issue allows for remote initiation of the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can exploit this by manipulating the `admpass` argument within the `setLoginPasswordCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda F1202 version 1.2.0.20(408) **Description** A stack-based buffer overflow occurs in the `fromPPTPUserSetting()` function within the `/goform/PPTPUserSetting` file. This issue allows a remote attacker to trigger the overflow by manipulating the `delno` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can exploit this by manipulating the `addrPrefixLen` argument within the `setIpv6LanCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `addrPrefixLen` parameter.

**Name of the Vulnerable Software and Affected Versions** Tenda F1202 version 1.2.0.20(408) **Description** A stack-based buffer overflow can be triggered remotely via the `formWrlExtraSet()` function located in the `/goform/WrlExtraSet` file. This occurs through the manipulation of the `delno` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A flaw in the CGI Handler component allows remote attackers to perform OS command injection. This occurs through the manipulation of the `wizard` argument within the `setWizardCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. The manipulation of the `sambaEnabled` argument within the `setStorageCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint allows for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A weakness in the CGI Handler component allows for remote OS command injection. This occurs through the manipulation of the `wanIdx` argument within the `setDmzCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can manipulate the `HTTP` argument within the `CsteSystem()` function of the '/cgi-bin/cstecgi.cgi' endpoint to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda F1202 version 1.2.0.20(408) **Description** A stack-based buffer overflow can be triggered remotely via the `formGstDhcpSetSer()` function within the `/goform/GstDhcpSetSerof` file. This occurs through the manipulation of the `dips` argument. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the `setIptvCfg` argument within the `setIptvCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** As a temporary workaround, consider restricting access to the '/cgi-bin/cstecgi.cgi' endpoint or disabling the `setIptvCfg()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. A remote attacker can exploit this by manipulating the `merge` argument within the `setWiFiEasyCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or avoid using the `merge` argument within the `setWiFiEasyCfg()` function.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** Remote OS command injection is possible via the CGI Handler component. The issue exists in the `setTelnetCfg()` function within the '/cgi-bin/cstecgi.cgi' endpoint. By manipulating the `telnet enabled` argument, an attacker can execute arbitrary operating system commands remotely. **Recommendations** For version 7.1cu.643 b20200521, update the software to a patched version. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or disable the `setTelnetCfg()` function.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** A security flaw in the CGI Handler component allows remote attackers to perform OS command injection. This occurs through the manipulation of the `sys info` argument within the `setMiniuiHomeInfoShow()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or the `setMiniuiHomeInfoShow()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Totolink A8000RU version 7.1cu.643 b20200521 **Description** An OS command injection issue exists in the CGI Handler component. Remote attackers can exploit this by manipulating the `tz` argument within the `setNtpCfg()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.