Nabla

**Name of the Vulnerable Software and Affected Versions** ASUS GT-AC5300 devices version 3.0.0.4.384 32738 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash due to a NULL pointer dereference. This can be achieved by sending a request that lacks a `timestap` parameter to the `blocking request.cgi` endpoint. **Recommendations** For version 3.0.0.4.384 32738, as a temporary workaround, consider restricting access to the `blocking request.cgi` endpoint until a patch is available. Avoid sending requests without the `timestap` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. This could allow a remote attacker to execute arbitrary commands through shell metacharacters in the `sendNum` parameter of the "/goform/Diagnosis" API endpoint. **Recommendations** For version 1.10 B05, consider restricting access to the "/goform/Diagnosis" API endpoint to minimize the risk of exploitation. Avoid using the `sendNum` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** The issue is related to a stack-based buffer overflow that can occur when a very long password is sent to the /goform/formLogin endpoint. This can lead to overwriting the return address. The vulnerability is also described as a buffer overflow in the /goform/Diagnosis component of the D-Link DIR-816 A2 router's firmware, which can allow a remote attacker to execute arbitrary code. **Recommendations** For D-Link DIR-816 A2 version 1.10 B05, consider restricting access to the /goform/formLogin and /goform/Diagnosis endpoints to minimize the risk of exploitation. Avoid using very long passwords in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** An issue exists in the handler function of the "/goform/form2systime.cgi" route, where an HTTP request parameter is used in command string construction. This could lead to command injection via shell metacharacters in the `datetime` parameter. The vulnerability is due to the lack of neutralization of special elements used in the operating system command, which may allow a remote attacker to execute arbitrary commands through shell metacharacters in the `datetime` parameter. **Recommendations** For D-Link DIR-816 A2 version 1.10 B05, as a temporary workaround, consider restricting access to the "/goform/form2systime.cgi" route to minimize the risk of exploitation. Avoid using the `datetime` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** The issue is related to a stack-based buffer overflow in the handler function of the "/goform/DDNS" route. This overflow can occur when a very long password is used, potentially allowing an attacker to overwrite the return address and execute arbitrary code. The vulnerability is associated with a buffer overflow in the /goform/DDNS component of the D-Link DIR-816 A2 router's firmware. **Recommendations** For D-Link DIR-816 A2 version 1.10 B05, consider restricting access to the "/goform/DDNS" route until a patch is available. As a temporary workaround, avoid using very long passwords for the DDNS configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** An issue exists due to the lack of neutralization of special elements used in the command string construction within the handler function of the "/goform/sylogapply" route. This could lead to command injection via the `syslogIp` parameter after "/goform/clearlog" is invoked, allowing a remote attacker to execute arbitrary commands. **Recommendations** For D-Link DIR-816 A2 version 1.10 B05, as a temporary workaround, consider restricting access to the "/goform/sylogapply" route and avoid using the `syslogIp` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 A2 version 1.10 B05 **Description** An issue exists in the handler function of the "/goform/NTPSyncWithHost" route, where an HTTP request parameter is used in command string construction. This could lead to command injection via shell metacharacters. The vulnerability in the NTPSyncWithHost function of the D-Link DIR-816 A2 router's firmware exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands through shell metacharacters. **Recommendations** For D-Link DIR-816 A2 version 1.10 B05, as a temporary workaround, consider disabling the "/goform/NTPSyncWithHost" route until a patch is available. Restrict access to this route to minimize the risk of exploitation. Avoid using parameters that could be used for command injection in the affected route until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.