Pfwqdxwdd

**Name of the Vulnerable Software and Affected Versions** UTT 进取 750W versions up to 5.0 **Description** A critical issue was found, affecting the function `formDefineManagement` of the file `/goform/setSysAdm` in the Administrator Password Handler component. The manipulation of the `passwd1` argument leads to unverified password change. This issue can be exploited remotely. **Recommendations** For versions up to 5.0, as a temporary workaround, consider restricting access to the `/goform/setSysAdm` endpoint to minimize the risk of exploitation. Avoid using the `passwd1` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10 versions up to 15.03.06.47 **Description** A critical issue was found in the HTTP Handler component, specifically affecting the `formSetPPTPServer` function of the `/goform/SetPptpServerCfg` file. The manipulation of the `startIp` and `endIp` arguments leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For Tenda AC10 versions up to 15.03.06.47, as a temporary workaround, consider restricting access to the `/goform/SetPptpServerCfg` endpoint until a patch is available. Avoid using the `startIp` and `endIp` arguments in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.