Newym

**Name of the Vulnerable Software and Affected Versions** Totolink NR1800X version 9.1.0u.6279 B20210910 **Description** A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the `find host ip()` function improperly handles the `Host` argument, allowing a remote attacker to execute the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink NR1800X version 9.1.0u.6279 B20210910 **Description** A remote command injection issue exists in the `/cgi-bin/cstecgi.cgi` endpoint. The flaw is located within the `sub 41A68C()` function and is triggered by manipulating the `setUssd` variable. **Recommendations** As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` endpoint or avoid using the `setUssd` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 750W versions up to 5.0 **Description** A critical issue affects the `strcpy` function of the `/goform/setSysAdm` component API. The manipulation of the `passwd1` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For UTT 进取 750W versions up to 5.0, as a temporary workaround, consider disabling the `strcpy` function in the `/goform/setSysAdm` API endpoint until a patch is available. Restrict access to the `/goform/setSysAdm` endpoint to minimize the risk of exploitation. Avoid using the `passwd1` argument in the affected API endpoint until the issue is resolved.