Meshaal

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 Description A stack-based buffer overflow exists in the `websGetVar` function of the `/goform/SysToolChangePwd` file. Manipulation of the `oldPwd`, `newPwd`, and `cfmPwd` arguments can trigger this issue. The attack can be executed remotely and a public exploit is available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 version 1.01B02 Description A flaw exists in the `sprintf` function within the `prog.cgi` file of the HNAP1 SetNetworkSettings Handler component. Manipulation of the `IPAddress` argument can lead to operating system command injection. This issue is remotely exploitable and affects a product no longer supported by the maintainer. Recommendations Update to a newer version if available. As a temporary workaround, consider disabling the HNAP1 SetNetworkSettings Handler component until a patch is available.