Maximdevere

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W versions through 3.1.7.7-171114 **Description** A buffer overflow issue exists in UTT 进取 512W. The `strcpy` function within the `/goform/formConfigFastDirectionW` file is affected when handling the `ssid` argument. This allows for remote exploitation, potentially leading to code execution. A public exploit is available. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions prior to 3.1.7.7-171114 should be updated. As a temporary workaround, consider restricting access to the `/goform/formConfigFastDirectionW` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W versions prior to 3.1.7.7-171114 **Description** A buffer overflow issue exists in the Endpoint component of UTT 进取 512W. The issue is related to the `strcpy` function within the `/goform/formNatStaticMap` file. Manipulation of the `NatBind` argument can trigger the overflow, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.1.7.7-171114 should be updated. As a temporary workaround, restrict access to the `/goform/formNatStaticMap` file. Consider disabling the `strcpy` function if possible.

**Name of the Vulnerable Software and Affected Versions** Tenda CH22 version 1.0.0.1 **Description** A security issue exists in the `frmL7ImForm` function of the `/goform/L7Im` file. Manipulation of the `page` argument can lead to a buffer overflow. Remote exploitation is possible, and an exploit has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/L7Im` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC21 versions up to 16.03.08.16 **Description** A security issue exists in Tenda AC21 routers. A buffer overflow can be triggered remotely through manipulation of the argument list within the `sscanf` function located in the `/goform/SetStaticRouteCfg` file. The exploit for this issue has been publicly released. Admin access may simplify exploitation. **Recommendations** Update Tenda AC21 to a version later than 16.03.08.16.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 840G versions up to 3.1.1-190328 **Description** A buffer overflow issue exists in UTT HiPER 840G. The `strcpy` function within the /goform/formTaskEdit file is affected. Manipulation of the `txtMin2` argument can lead to a buffer overflow. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.1.1-190328 should be updated. Consider temporarily restricting or disabling the use of the /goform/formTaskEdit file. Avoid using the `txtMin2` argument in the affected file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Ruijie 6000-E10 versions through 2.4.3.6-20171117 **Description** A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file `/view/vpn/autovpn/sub commit.php`. Manipulation of the `key` argument can lead to operating system command injection. The attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions through 2.4.3.6-20171117 should be updated. As a temporary workaround, restrict access to the file `/view/vpn/autovpn/sub commit.php` to minimize the risk of exploitation. Avoid using the `key` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** B-Link BL-AC2100 versions up to 1.0.3 **Description** A security issue exists in the Web Management Interface component of B-Link BL-AC2100. The `delshrpath` function, located in the file `/goform/set delshrpath cfg`, is susceptible to a stack-based buffer overflow when the `Type` argument is manipulated. This issue can be exploited remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions up to 1.0.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Discussion Forum version 1.0 **Description** A SQL injection issue exists in PHPGurukul Online Discussion Forum version 1.0. The issue is located in the `/admin/admin forum/search result.php` file. Manipulation of the `Search` argument can lead to SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Discussion Forum version 1.0 **Description** A vulnerability exists in PHPGurukul Online Discussion Forum that may allow remote attackers to inject SQL code. The issue is located in the `/admin/edit member.php` file, where manipulation of the `ID` argument can lead to SQL injection. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/edit member.php` file until a fix is available. Sanitize the `ID` argument to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the D-Link DIR-823X, specifically within the `sub 412E7C` function located in the `/goform/set switch settings` file. Manipulation of the `port` argument can lead to command injection. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** Apply updates to address the flaw in the `sub 412E7C` function of the `/goform/set switch settings` file. As a temporary workaround, restrict access to the `/goform/set switch settings` file to minimize the risk of exploitation. Avoid using the `port` parameter in the affected function until the issue is resolved.