Pjqwudi

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

**Name of the Vulnerable Software and Affected Versions** NETGEAR devices (affected versions not specified) **Description** Insufficient input validation allows authenticated administrators connected to the local network to tamper with the router's integrity.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A weakness exists in multiple D-Link devices. The `Local Backup Info` function within the `/cgi-bin/local backup mgr.cgi` file is susceptible to a stack-based buffer overflow. Manipulation of the `f idx` argument triggers this issue, and the attack can be initiated remotely. An exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in several D-Link devices. The issue is located in the `cgi create import users`/`cgi user batch create`/`cgi user set quota`/`cgi user del`/`cgi user modify`/`cgi group set quota`/`cgi group modify`/`cgi group add`/`cgi user add`/`cgi get modify group info`/`cgi chg admin pw` functions within the `/cgi-bin/account mgr.cgi` file. This allows for remote execution of commands through manipulation of the affected functions. The exploit is publicly available and may be used to compromise systems. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A security issue exists in D-Link devices due to a command injection flaw. The `cgi tm set share` function within the `/cgi-bin/time machine.cgi` file is susceptible to this issue. Manipulation of the `Name` argument can lead to command injection, allowing for remote attacks. The exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version after 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A stack-based buffer overflow condition exists in the `cgi myfavorite del user`/`cgi myfavorite verify` function within the `/cgi-bin/gui mgr.cgi` file. This issue can be triggered remotely through manipulation. The exploit for this issue is publicly available. **Recommendations** For D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04, update to a version later than 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 versions prior to 20260205 **Description** A security issue has been identified in multiple D-Link Network Attached Storage (NAS) devices. The `Downloads Schedule Info` function within the `/cgi-bin/download mgr.cgi` file is susceptible to a stack-based buffer overflow. This manipulation can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823G version 1.0.2B05 **Description** A security issue has been identified in the D-Link DIR-823G. The problem stems from improper access controls within the `goahead` component, specifically related to the following functions: `GetDDNSSettings`, `GetDeviceDomainName`, `GetDeviceSettings`, `GetDMZSettings`, `GetFirewallSettings`, `GetGuestNetworkSettings`, `GetLanWanConflictInfo`, `GetLocalMacAddress`, `GetNetworkSettings`, `GetQoSSettings`, `GetRouterInformationSettings`, `GetRouterLanSettings`, `GetWanSettings`, `SetAccessCtlList`, `SetAccessCtlSwitch`, `SetDeviceSettings`, `SetGuestWLanSettings`, `SetIPv4FirewallSettings`, `SetNetworkSettings`, `SetNetworkTomographySettings`, `SetNTPServerSettings`, `SetRouterLanSettings`, `SetStaticClientInfo`, `SetStaticRouteSettings`, `SetWLanRadioSecurity`, `SetWPSSettings`, and `UpdateClientInfo`. This allows for remote manipulation. The exploit for this issue has been made public. It is important to note that this vulnerability affects products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A stack-based buffer overflow exists in the goahead component of D-Link DIR-816 version 1.10CNB05. The issue is located in the file '/goform/form2Wl5BasicSetup.cgi'. Manipulation of the `pskValue` argument can trigger the overflow, allowing for remote exploitation. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A security issue has been identified in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the file `/goform/form2WlanBasicSetup.cgi` of the `goahead` component. Manipulation of the `pskValue` argument can lead to a stack-based buffer overflow. This can be exploited remotely. The exploit for this issue has been publicly disclosed. This vulnerability only impacts products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A weakness exists in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the `/goform/form2Wl5RepeaterStep2.cgi` file of the `goahead` component. Manipulation of the `key1/key2/key3/key4/pskValue` argument results in a stack-based buffer overflow. Remote exploitation is possible, and a public exploit is available. This vulnerability impacts products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.06B01 **Description** A security issue has been identified in the D-Link DIR-619L. The `formSchedule` function within the `boa` component, located in the file `/goform/formSchedule`, is susceptible to a stack-based buffer overflow. This occurs when the `curTime` argument is manipulated. The issue can be exploited remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A flaw exists in D-Link DIR-816, specifically within the goahead component’s `redirect.asp` file. Manipulation of the `token id` argument can lead to improper access controls. This issue can be exploited remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816 version 1.10CNB05 **Description** A security issue has been identified in D-Link DIR-816 version 1.10CNB05. The issue affects an unknown function within the `/goform/form2RepeaterStep2.cgi` file of the `goahead` component. Manipulating the `key1/key2/key3/key4/pskValue` argument can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit for this issue has been publicly released. This vulnerability only impacts products that are no longer supported by the vendor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A security issue exists in D-Link DIR-605L and DIR-619L. The issue resides in an unknown function within the Wifi Setting Handler component. A manipulation of this component can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been made publicly available. It is important to note that these products are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A weakness exists in D-Link DIR-605L and DIR-619L routers. The issue is related to an unknown function within the DHCP Client Information Handler component. A manipulation of this component can result in information disclosure. The attack can be initiated remotely, and an exploit is publicly available. It is important to note that these products are no longer supported by the maintainer. **Recommendations** D-Link DIR-605L version 2.06B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-619L version 2.06B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-605L version 2.13B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DIR-619L version 2.13B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 **Description** A security issue has been identified in D-Link DIR-605L and DIR-619L routers. The issue resides in an unknown function within the `/wan connection status.asp` file of the DHCP Connection Status Handler component, leading to information disclosure. Remote exploitation is possible, and the exploit has been publicly disclosed. These products are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 **Description** A stack-based buffer overflow exists in the `AP get wireless clientlist setClientsName` function within the `mod form.so` file. Manipulation of the `clientsname 0` argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Linksys RE6500 version 1.0.013.001 should be updated. Linksys RE6500 version 1.0.04.001 should be updated. Linksys RE6500 version 1.0.04.002 should be updated. Linksys RE6500 version 1.1.05.003 should be updated. Linksys RE6500 version 1.2.07.001 should be updated. Linksys RE6250 version 1.0.013.001 should be updated. Linksys RE6250 version 1.0.04.001 should be updated. Linksys RE6250 version 1.0.04.002 should be updated. Linksys RE6250 version 1.1.05.003 should be updated. Linksys RE6250 version 1.2.07.001 should be updated. Linksys RE6300 version 1.0.013.001 should be updated. Linksys RE6300 version 1.0.04.001 should be updated. Linksys RE6300 version 1.0.04.002 should be updated. Linksys RE6300 version 1.1.05.003 should be updated. Linksys RE6300 version 1.2.07.001 should be updated. Linksys RE6350 version 1.0.013.001 should be updated. Linksys RE6350 version 1.0.04.001 should be updated. Linksys RE6350 version 1.0.04.002 should be updated. Linksys RE6350 version 1.1.05.003 should be updated. Linksys RE6350 version 1.2.07.001 should be updated. Linksys RE7000 version 1.0.013.001 should be updated. Linksys RE7000 version 1.0.04.001 should be updated. Linksys RE7000 version 1.0.04.002 should be updated. Linksys RE7000 version 1.1.05.003 should be updated. Linksys RE7000 version 1.2.07.001 should be updated. Linksys RE9000 version 1.0.013.001 should be updated. Linksys RE9000 version 1.0.04.001 should be updated. Linksys RE9000 version 1.0.04.002 should be updated. Linksys RE9000 version 1.1.05.003 should be updated. Linksys RE9000 version 1.2.07.001 should be updated.

**Name of the Vulnerable Software and Affected Versions** Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 versions 1.0.013.001 through 1.2.07.001 Linksys RE9000 versions 1.0.013.001 through 1.2.07.001 **Description** A stack-based buffer overflow exists in the `RE2000v2Repeater get wireless clientlist setClientsName` function within the `mod form.so` file. Manipulation of the `clientsname 0` argument can trigger this issue, allowing for remote exploitation. The vulnerability has been publicly disclosed. **Recommendations** Linksys RE6500 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 versions 1.0.013.001 through 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 versions 1.0.013.001 through 1.2.07.001 Linksys RE9000 versions 1.0.013.001 through 1.2.07.001 **Description** A stack-based buffer overflow issue exists in the `AP get wired clientlist setClientsName` function within the `mod form.so` file. The issue is triggered by manipulating the `clientsname 0` argument. This allows for remote attacks. The exploit is publicly available. **Recommendations** Linksys RE6500 versions prior to 1.2.07.001 Linksys RE6250 versions prior to 1.2.07.001 Linksys RE6300 versions prior to 1.2.07.001 Linksys RE6350 versions prior to 1.2.07.001 Linksys RE7000 versions prior to 1.2.07.001 Linksys RE9000 versions prior to 1.2.07.001