Max Van Amerongen

**Name of the Vulnerable Software and Affected Versions** D-Link versions (affected versions not specified) Edimax versions (affected versions not specified) NETGEAR D7800 versions prior to 1.0.1.68 NETGEAR R6400v2 versions prior to 1.0.4.122 NETGEAR R6700v3 versions prior to 1.0.4.122 NETGEAR R6220 versions (affected versions not specified) NETGEAR R7000 versions (affected versions not specified) NETGEAR R7800 versions (affected versions not specified) TP-Link versions (affected versions not specified) Tenda versions (affected versions not specified) Western Digital versions (affected versions not specified) **Description** The issue is related to an integer overflow by an unauthenticated attacker, which may allow remote code execution from the WAN interface (TCP port 20005). The overflow is in the `SoftwareBus dispatchNormalEPMsgOut` function in the KCodes NetUSB kernel module. Exploitability is considered to be of significant complexity but not impossible. **Recommendations** For NETGEAR D7800 versions prior to 1.0.1.68, update to version 1.0.1.68 or later. For NETGEAR R6400v2 versions prior to 1.0.4.122, update to version 1.0.4.122 or later. For NETGEAR R6700v3 versions prior to 1.0.4.122, update to version 1.0.4.122 or later. For other affected devices, at the moment, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the WAN interface (TCP port 20005) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.24 **Description** The issue is related to errors in resource release in the Core component of Oracle VM VirtualBox. It allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox, potentially causing a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. This could significantly impact additional products. **Recommendations** For versions prior to 6.1.24, update to version 6.1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise it. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer A7 Firmware version 190726 **Description** This issue allows a firewall bypass on affected TP-Link Archer A7 installations. It does not require authentication to exploit. The flaw exists within the handling of IPv6 connections, specifically due to the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of root. **Recommendations** For TP-Link Archer A7 Firmware version 190726, consider restricting or disabling IPv6 SSH connections as a temporary mitigation measure until a patch is available. Additionally, restrict access to the handling of IPv6 connections to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer A7 Firmware version 190726 **Description** This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the handling of SSH port forwarding requests during initial setup, resulting from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this to escalate privileges to resources normally protected from the WAN interface. **Recommendations** For TP-Link Archer A7 Firmware version 190726, as a temporary workaround, consider disabling SSH port forwarding until a patch is available. Restrict access to the WAN interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer A7 Firmware version 190726 **Description** This issue allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 routers. Authentication is not required to exploit this issue. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** For TP-Link Archer A7 Firmware version 190726, as a temporary workaround, consider disabling the tmpServer service until a patch is available. Restrict access to TCP port 20002 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.