Rabbitpro

**Name of the Vulnerable Software and Affected Versions** AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of APP files, specifically due to the process loading a library from an unsecured location. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000), consider restricting access to unsecured locations where libraries are loaded to minimize the risk of exploitation. As a temporary workaround, avoid handling APP files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV Series Routers versions RV160, RV260, RV340, and RV345 **Description** The issue is caused by a stack-based buffer overflow in the SSL VPN module of the Cisco Small Business RV340, RV340W, RV345, and RV345P routers. This can be exploited by a remote attacker using a specially crafted HTTP request, allowing them to execute arbitrary code with root privileges. The vulnerability can also lead to elevation of privileges, execution of arbitrary commands, bypassing of authentication and authorization protections, fetching and running unsigned software, and denial of service (DoS). **Recommendations** For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, update to a fixed version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer C90 version 1.0.6 Build 20200114 rel.73164(5553) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For TP-Link Archer C90 version 1.0.6 Build 20200114 rel.73164(5553), as a temporary workaround, consider restricting access to the DNS response handling mechanism until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WA1201 version 1.0.1 Build 20200709 rel.66244(5553) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 wireless access points. Authentication is not required to exploit this issue. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For TP-Link TL-WA1201 version 1.0.1 Build 20200709 rel.66244(5553), as a temporary workaround, consider disabling the handling of DNS responses until a patch is available. Restrict access to the DNS handling module to minimize the risk of exploitation. Avoid using crafted DNS messages in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Arlo Q Plus version 1.9.0.3 278 **Description** This issue allows attackers with physical access to escalate privileges on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the SSH service, where the device can be booted into a special operation mode and hard-coded credentials are accepted for SSH authentication. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of root. **Recommendations** For Arlo Q Plus version 1.9.0.3 278, as a temporary workaround, consider disabling the SSH service until a patch is available. Restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: NETGEAR R7800 firmware version 1.0.2.76 Description: This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the downloading of files via FTP, resulting from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of root. Recommendations: For NETGEAR R7800 firmware version 1.0.2.76, consider disabling FTP file downloads until a patch is available to prevent exploitation. Restrict access to the FTP service to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: NETGEAR Nighthawk R7800 (affected versions not specified) Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within handling of firmware updates, resulting from a fallback to an insecure protocol to deliver updates. An attacker can leverage this issue to execute code in the context of root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A7 versions prior to Archer C7(US) V5 210125 and Archer A7(US) V5 200220 Description: This issue allows for a firewall bypass on affected installations. It does not require authentication to exploit. The flaw exists within the handling of IPv6 connections, specifically due to the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of root. Recommendations: For TP-Link Archer A7 versions prior to Archer C7(US) V5 210125 and Archer A7(US) V5 200220, update to a version that includes the necessary security patches to address the firewall bypass issue. As a temporary workaround, consider restricting IPv6 SSH connections to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** tdpServer on TP-Link Archer A7 AC1750 devices before 201029 **Description** The issue allows remote attackers to execute arbitrary code via the `slave mac` parameter. This is due to an incomplete fix for a previous issue, where shell quotes are mishandled. **Recommendations** For versions before 201029, update to version 201029 or later to resolve the issue. As a temporary workaround, consider restricting access to the `slave mac` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `acsd` service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of the admin user. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, as a temporary workaround, consider disabling the `acsd` service until a patch is available. Restrict access to TCP port 5916 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84 10.0.58 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `check ra` service. A crafted `raePolicyVersion` in a `RAE Policy.json` file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84 10.0.58, consider disabling the `check ra` service until a patch is available. Restrict access to the `RAE Policy.json` file to minimize the risk of exploitation. Avoid using crafted `raePolicyVersion` values in the `RAE Policy.json` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.