N1Neman

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor 3900 versions prior to v1.5.1.5 Beta DrayTek Vigor 2960 versions prior to v1.5.1.5 Beta DrayTek Vigor 300B versions prior to v1.5.1.5 Beta **Description** A command injection vulnerability was discovered via the `action` parameter at the "cgi-bin/mainfunction.cgi" endpoint. This issue allows for command injection, potentially leading to unauthorized access or control. **Recommendations** For DrayTek Vigor 3900 versions prior to v1.5.1.5 Beta, update to version v1.5.1.5 Beta or later. For DrayTek Vigor 2960 versions prior to v1.5.1.5 Beta, update to version v1.5.1.5 Beta or later. For DrayTek Vigor 300B versions prior to v1.5.1.5 Beta, update to version v1.5.1.5 Beta or later. As a temporary workaround, consider restricting access to the "cgi-bin/mainfunction.cgi" endpoint until a patch is available. Avoid using the `action` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Algorithms - C versions through e5dad3f **Description** The issue is related to a segmentation fault caused by deep recursion in the binary insertion sort.c file. This may impact common use cases, such as sorting an array of 50 elements. **Recommendations** For versions through e5dad3f, consider revising the `binary insertion sort` function to prevent deep recursion, potentially by implementing an iterative approach or optimizing the recursive calls to avoid stack overflow.