N0Ps1Ed

Name of the Vulnerable Software and Affected Versions Tenda G103 version 1.0.0.5 Description A security issue exists in Tenda G103 version 1.0.0.5. Manipulation of the `lanIp` argument within the `action set system settings` function in the `system.lua` file of the Setting Handler component can lead to command injection. This can be exploited remotely. The exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda G103 version 1.0.0.5 **Description** A flaw exists in the Setting Handler component of the Tenda G103, specifically within the `action set net settings` function of the `gpon.lua` file. Manipulation of the `authLoid`, `authLoidPassword`, `authPassword`, `authSerialNo`, `authType`, `oltType`, `usVlanId`, or `usVlanPriority` arguments can lead to command injection. This issue is remotely exploitable. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C devices versions NX15V100R015 **Description** H3C devices are susceptible to unauthorized access due to insecure default credentials. The root user account lacks a password, and the H3C user account utilizes the default password “admin”, both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution. **Recommendations** Change the default password for the H3C user account. Set a strong password for the root user account.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN578W2 version 221110 **Description** A vulnerability exists in Wavlink WL-WN578W2 221110. The issue is related to weak password recovery due to the manipulation of the `newpass`/`confpass` arguments within an unknown function of the `/sysinit.html` file. This allows for remote exploitation. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A flaw has been found in Wavlink WL-WN578W2 221110. Exploitation of a manipulation vulnerability in the `/live online.shtml` file’s unknown function can lead to information disclosure. The attack can be executed remotely. The exploit has been published. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. Manipulation of the `portal delete picname` argument within the `wifilith delete pic file` function, located in the `/usr/bin/webmgnt` file, allows for remote execution of commands. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a newer version of Comfast CF-N1 that addresses this issue. As a temporary workaround, restrict access to the `/usr/bin/webmgnt` file. Avoid using the `portal delete picname` parameter in the `wifilith delete pic file` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A vulnerability was identified in the `wireless device dissoc` function of the `/usr/bin/webmgnt` file. Manipulation of the `mac` argument leads to command injection. The attack may be performed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cudy WR1200EA version 2.3.7-20250113-121810 **Description** A vulnerability exists in Cudy WR1200EA that allows for the use of a default password. The issue affects an unknown function within the `/etc/shadow` file. Exploitation requires local access and is considered difficult due to a high complexity level. The exploit has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A vulnerability exists in Comfast CF-N1 version 2.6.0 within the `multi pppoe` function located in the `/usr/bin/webmgnt` file. Manipulation of the `phy interface` argument can lead to command injection. This issue may be exploited remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `multi pppoe` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A flaw exists in the `ntp timezone` function within the `/usr/bin/webmgnt` file. Manipulation of the `timestr` argument can lead to command injection, potentially allowing for remote attacks. The exploit for this issue has been published. **Recommendations** As a temporary workaround, consider restricting access to the `/usr/bin/webmgnt` file to minimize the risk of exploitation. Avoid manipulating the `timestr` argument in the `ntp timezone` function until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A vulnerability exists in the `ping config` function of the `/usr/bin/webmgnt` file, which can lead to command injection. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/usr/bin/webmgnt` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-N1 version 2.6.0 **Description** A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. The issue is located in the `update interface png` function within the `/usr/bin/webmgnt` file. Manipulation of the `interface/display name` argument can lead to remote code execution. The exploit for this issue has been publicly disclosed. **Recommendations** Update Comfast CF-N1 to a newer version that addresses this issue. As a temporary workaround, restrict access to the `/usr/bin/webmgnt` file. Avoid using the `interface/display name` argument in the `update interface png` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8400 version 16.07.26A1 **Description** A stack-based buffer overflow issue exists in the `yyxz dlink asp` function of the `/yyxz.asp` file. Manipulation of the `ID` argument can trigger this issue, allowing for remote exploitation. The exploit for this issue has been publicly released. **Recommendations** As a temporary workaround, consider restricting access to the `/yyxz.asp` file until a fix is available.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A command injection issue exists in the function `sub 409184` of the file `/wizard rep.shtml`. The manipulation of the argument `sel EncrypTyp` can lead to command injection. This issue is exploitable remotely. The exploit has been made public. Recommendations: As a temporary workaround, consider restricting access to the `/wizard rep.shtml` file until a patch is available. Avoid using the parameter `sel EncrypTyp` in the affected file `/wizard rep.shtml` until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. Manipulation of the arguments `pingFrmWANFilterEnabled`, `blockSynFloodEnabled`, `blockPortScanEnabled`, or `remoteManagementEnabled` within the `firewall.cgi` file and the `sub 401C5C` function can lead to command injection. This manipulation is possible remotely. The exploit has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the `firewall.cgi` file to minimize the risk of exploitation. Disable the `pingFrmWANFilterEnabled`, `blockSynFloodEnabled`, `blockPortScanEnabled`, and `remoteManagementEnabled` arguments.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. The issue is located in the `/cgi-bin/login.cgi` file, specifically within the `sub 401340/sub 401BA4` function. Manipulation of the `ipaddr` argument can lead to command injection, allowing for remote attacks. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. Recommendations: As a temporary workaround, consider restricting access to the `/cgi-bin/login.cgi` file to minimize the risk of exploitation. Avoid using the `ipaddr` parameter in the `/cgi-bin/login.cgi` endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A security issue has been identified in Wavlink WL-WN578W2. Manipulation of the `delete list` argument in the `/cgi-bin/wireless.cgi` file’s `sub 404850` function can lead to operating system command injection. This issue is remotely exploitable. The exploit has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the `/cgi-bin/wireless.cgi` file to minimize the risk of exploitation. Avoid using the `delete list` parameter in the `/cgi-bin/wireless.cgi` API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in Wavlink WL-WN578W2. The issue resides in the `sub 404DBC` function of the `/cgi-bin/wireless.cgi` file. Manipulation of the `macAddr` argument can lead to operating system command injection. This can be exploited remotely. Recommendations: As a temporary workaround, consider restricting access to the `/cgi-bin/wireless.cgi` file until a patch is available. Avoid using the `macAddr` parameter in the `/cgi-bin/wireless.cgi` endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A vulnerability exists in the `sub 48E628` function of the `/goform/SetIpMacBind` file. Manipulation of the argument list leads to a stack-based buffer overflow, potentially allowing for remote exploitation. The exploit has been publicly disclosed and may be used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A security flaw has been discovered in Tenda AC20. The vulnerability affects an unknown functionality of the file `/etc ro/shadow`. Manipulation of this file leads to the disclosure of hard-coded credentials. The attack can be launched locally and is considered difficult to exploit. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.