Regainer27

**Name of the Vulnerable Software and Affected Versions** TOTOLINK NR1800X version 9.1.0u.6681 B20230703 **Description** The issue is an authenticated stack overflow that occurs via the `text` parameter in the `setSmsCfg` function. This allows for potential exploitation. **Recommendations** For TOTOLINK NR1800X version 9.1.0u.6681 B20230703, consider restricting access to the `setSmsCfg` function until a patch is available. As a temporary workaround, avoid using the `text` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALFA AIP-W512 version 3.2.2.2.3 **Description** The issue is related to an authenticated stack overflow that can be triggered via the `targetAPMac` parameter in the `formWsc` function. **Recommendations** For ALFA AIP-W512 version 3.2.2.2.3, consider restricting access to the `formWsc` function to minimize the risk of exploitation. Avoid using the `targetAPMac` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALFA AIP-W512 version 3.2.2.2.3 **Description** The issue is related to an authenticated stack overflow. It occurs via the `torrentsindex` parameter in the `formBTClinetSetting` function. **Recommendations** For ALFA AIP-W512 version 3.2.2.2.3, consider disabling the `formBTClinetSetting` function until a patch is available to prevent exploitation of the authenticated stack overflow via the `torrentsindex` parameter.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK NR1800X version 9.1.0u.6681 B20230703 **Description** The issue is an authenticated stack overflow that occurs via the `ssid` parameter in the `setWiFiBasicCfg` function. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For TOTOLINK NR1800X version 9.1.0u.6681 B20230703, consider disabling the `setWiFiBasicCfg` function until a patch is available to prevent exploitation via the `ssid` parameter. Avoid using the `ssid` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK NR1800X version 9.1.0u.6681 B20230703 **Description** The issue is an authenticated stack overflow that occurs via the `ssid` parameter in the `setWiFiGuestCfg` function. This allows for potential exploitation. **Recommendations** For TOTOLINK NR1800X version 9.1.0u.6681 B20230703, consider restricting access to the `setWiFiGuestCfg` function until a patch is available. Avoid using the `ssid` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15 **Description** The web interface of the firmware contains a command injection issue due to insufficient data sanitization at the control level. This allows a remote attacker to escalate privileges and execute arbitrary commands via the `partition` variable in the '/boafrm/formDiskFormat' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 **Description** The web interface of the firmware contains a command injection issue due to insufficient data sanitization at the control level. A remote attacker can exploit this by sending crafted data to the '/boafrm/formDiskCreateGroup' endpoint using the `groupname` parameter, which may allow the attacker to escalate privileges and execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 **Description** A command injection issue exists due to a lack of input validation. This allows a remote attacker to execute arbitrary commands via the `foldername` variable in the '/boafrm/formDiskCreateShare' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15 **Description** A stack overflow issue was discovered in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 via the `peerPin` parameter in the `formWsc` function. **Recommendations** For Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15, as a temporary workaround, consider disabling the `formWsc` function until a patch is available. Restrict access to the `peerPin` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK NR1800X version 9.1.0u.6681 B20230703 **Description** The issue is an authenticated stack overflow that occurs via the `ssid5g` parameter in the `setWiFiEasyCfg` function. This allows for potential exploitation. **Recommendations** For TOTOLINK NR1800X version 9.1.0u.6681 B20230703, consider restricting access to the `setWiFiEasyCfg` function until a patch is available. Avoid using the `ssid5g` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK NR1800X version 9.1.0u.6681 B20230703 **Description** The issue is an authenticated stack overflow that occurs via the `ssid5g` parameter in the `setWiFiEasyGuestCfg` function. This allows for potential exploitation. **Recommendations** For TOTOLINK NR1800X version 9.1.0u.6681 B20230703, consider disabling the `setWiFiEasyGuestCfg` function until a patch is available to prevent exploitation through the `ssid5g` parameter.

**Name of the Vulnerable Software and Affected Versions** Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15 **Description** A command injection issue was discovered via the `fota url` in the "/boafrm/formLtefotaUpgradeQuectel" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15, consider restricting access to the `/boafrm/formLtefotaUpgradeQuectel` API endpoint to minimize the risk of exploitation. Avoid using the `fota url` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.