Lx-Lx

**Name of the Vulnerable Software and Affected Versions** EFM iptime A6004MX version 14.18.2 **Description** A flaw exists in EFM iptime A6004MX that allows for unrestricted file uploads. This is due to a weakness in the `commit vpncli file upload` function located in the `/cgi/timepro.cgi` file. The issue can be exploited remotely. The details of the exploit have been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EFM ipTIME A8004T version 14.18.2 **Description** A flaw exists in the authentication process of the EFM ipTIME A8004T router. This issue stems from improper authentication within the `httpcon check session url` function, located in the `/cgi/timepro.cgi` file, associated with the Hidden Hiddenloginsetup Interface component. The issue can be exploited remotely. The exploit has been publicly released. **Recommendations** Update to a newer version of EFM ipTIME A8004T that addresses this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EFM ipTIME A8004T version 14.18.2 **Description** A flaw exists in the VPN Service component of the software, specifically within the `commit vpncli file upload` function located in the `/cgi/timepro.cgi` file. This allows for unrestricted file uploads, and can be exploited remotely. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response. **Recommendations** For EFM ipTIME A8004T version 14.18.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EFM ipTIME A8004T version 14.18.2 **Description** A flaw exists in the Debug Interface component of EFM ipTIME A8004T. Specifically, manipulation of the `cmd` argument within the `httpcon check session url` function, located in the `/sess-bin/d.cgi` file, can lead to backdoor access. This issue allows for remote attacks, though the complexity is considered high and exploitability is difficult. The exploit for this issue has been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** Versions prior to 14.18.2 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 version 16.03.08.16 **Description** A stack-based buffer overflow exists in the `fromAdvSetMacMtuWan` function located in the `/goform/AdvSetMacMtuWan` file. This allows for remote exploitation. The exploit is publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/AdvSetMacMtuWan` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 versions 1.1.1.1/1.dmzip/16.03.08.16 **Description** A security flaw exists in the Tenda AC21 router. The issue is related to command injection within the `mDMZSetCfg` function, located in the `/goform/mDMZSetCfg` file. Manipulation of the `dmzIp` argument can lead to remote code execution. The exploit for this issue has been publicly released and may be used in attacks. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/mDMZSetCfg` file.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M version 1.01.07 **Description** A weakness exists in D-Link routers that involves improper processing of the `host` argument within the `/boafrm/formTracerouteDiagnosticRun` file. Manipulation of this argument can lead to a buffer overflow, potentially allowing for remote code execution. The exploit for this issue has been publicly released. **Recommendations** Update the firmware on D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M version 1.01.07. If these routers are end-of-life models, consider replacing them to avoid a permanent vulnerability window.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M versions 1.01.07 through 1.1.47 **Description** A security issue has been identified in D-Link routers, specifically affecting the models DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M. The flaw resides in the `/boafrm/formPingDiagnosticRun` file and involves the handling of the `host` argument. Manipulation of this argument can lead to a buffer overflow. The attack can be initiated remotely. The exploit has been publicly released. **Recommendations** D-Link DWR-M920 versions 1.01.07 through 1.1.47 should be updated. D-Link DWR-M921 versions 1.01.07 through 1.1.47 should be updated. D-Link DWR-M960 versions 1.01.07 through 1.1.47 should be updated. D-Link DWR-M961 versions 1.01.07 through 1.1.47 should be updated. D-Link DIR-825M versions 1.01.07 through 1.1.47 should be updated.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920 version 1.1.5 D-Link DWR-M921 version 1.1.5 D-Link DIR-822K version 1.1.5 D-Link DIR-825M version 1.1.5 **Description** A security issue exists in D-Link devices that allows for command injection. The `system` function within the `/boafrm/formDebugDiagnosticRun` file is affected. Manipulation of the `host` argument can lead to unauthorized command execution. The exploit for this issue has been publicly disclosed. **Recommendations** Update D-Link DWR-M920 to a newer version. Update D-Link DWR-M921 to a newer version. Update D-Link DIR-822K to a newer version. Update D-Link DIR-825M to a newer version.

**Name of the Vulnerable Software and Affected Versions** Tenda AC23 version 16.03.07.52 **Description** A security issue exists in Tenda AC23 version 16.03.07.52. The `saveParentControlInfo` function within the `/goform/saveParentControlInfo` file is susceptible to a buffer overflow when the `Time` argument is manipulated. This allows for remote exploitation of the device. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 version 16.03.08.16 **Description** A flaw exists in the Tenda AC21 device. This issue is related to a buffer overflow in the `formSetPPTPServer` function within the `/goform/SetPptpServerCfg` file. Manipulation of the `startIp` argument can trigger this overflow. Remote exploitation is possible. The exploit is publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/SetPptpServerCfg` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC23 version 16.03.07.52 **Description** A weakness exists in the Tenda AC23. This issue impacts the `formSetVirtualSer` function within the `/goform/SetVirtualServerCfg` file. Manipulation of the argument list to this function can cause a buffer overflow. The attack can be initiated remotely. The exploit for this issue has been publicly released and could be exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.