Panda_0Xf1

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A flaw exists in Belkin F9K1015 version 1.00.10 where manipulation of the `command` argument in the file `/goform/mp` can lead to command injection. This issue may be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A security flaw exists in Belkin F9K1015 version 1.00.10. The issue involves a buffer overflow in an unknown function within the `/goform/formWlanMP` file. The `ateFunc` argument can be manipulated to trigger this condition. This allows for remote exploitation, and a public exploit is available. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A buffer overflow issue exists in Belkin F9K1015 version 1.00.10. The issue is related to the manipulation of the `webpage` argument within the file `/goform/formWlanSetupWPS`. This can be exploited remotely through an unknown function. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A security issue exists in Belkin F9K1015 version 1.00.10. The issue involves a buffer overflow that can be triggered remotely by manipulating the `pinCode` argument in the `/goform/formWpsStart` function. The vulnerability impacts an unknown function within the file `/goform/formWpsStart`. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A buffer overflow issue exists in Belkin F9K1015 version 1.00.10. The issue is related to the manipulation of the `L2TPUserName` argument within the file /goform/formL2TPSetup. This allows for remote code execution. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A flaw exists in Belkin F9K1015 version 1.00.10 related to a buffer overflow. The issue is located in the file `/goform/formPPPoESetup`. Manipulation of the `pppUserName` argument causes the overflow. Remote exploitation is possible. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A buffer overflow issue exists in the file `/goform/formPPTPSetup`. Manipulation of the `pptpUserName` argument can trigger this issue, allowing for remote exploitation. The exploit has been publicly disclosed. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A buffer overflow issue exists in Belkin F9K1015 version 1.00.10 due to manipulation of the `webpage` argument when processing the `/goform/formSetLanguage` file. This allows for remote exploitation. An exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A flaw exists in Belkin F9K1015 version 1.00.10 that allows for command injection. The issue is located in the file `/goform/formSetWanStatic`. Manipulation of the `m wan ipaddr` argument can lead to remote code execution. The vulnerability has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1015 version 1.00.10 **Description** A buffer overflow issue exists in Belkin F9K1015. The issue is located in an unknown function within the `/goform/formWanTcpipSetup` file. Manipulation of the `pppUserName` argument can trigger the overflow. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14(408) Description: A critical issue exists in the Tenda FH1201 router. The `fromPptpUserAdd` function within the `/goform/PPTPDClient` file is susceptible to a stack-based buffer overflow. The vulnerability is triggered by manipulating the `modino/username` argument, allowing for remote exploitation. The exploit has been publicly disclosed. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `fromPptpUserAdd` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14(408) Description: A critical issue exists in Tenda FH1201. The vulnerability is due to a stack-based buffer overflow in the `fromGstDhcpSetSer` function within the `/goform/GstDhcpSetSer` file. The `dips` argument can be manipulated to trigger this overflow, allowing for remote exploitation. The exploit has been publicly disclosed. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/GstDhcpSetSer` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1201 version 1.2.0.14(408) **Description** A critical vulnerability exists in the `frmL7ProtForm` function of the `/goform/L7Prot` file. Manipulation of the argument page leads to a stack-based buffer overflow, potentially allowing for remote exploitation. The exploit for this issue has been publicly disclosed and may be actively used. **Recommendations** Tenda FH1201 version 1.2.0.14(408): At the moment, there is no information about a newer version that contains a fix for this vulnerability.