Rgyue

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A buffer overflow issue exists in the file `/usr/sbin/http eshell server` component WIRELESSCFGGET Interface of Shiguangwu sgwbox N3. The manipulation of the `params` argument can lead to a buffer overflow, potentially allowing for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** Disable the WIRELESSCFGGET Interface as a temporary workaround until a patch is available. Restrict access to the file `/usr/sbin/http eshell server` to minimize the risk of exploitation. Avoid using the `params` argument in the WIRELESSCFGGET Interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ugreen DH2100+ versions up to 5.3.0 **Description** A flaw exists in the USB Handler component of Ugreen DH2100+ that allows for symlink following. This issue can be directly exploited on the physical device. The exploit has been publicly disclosed. The vendor was informed of the issue but did not provide a response. **Recommendations** Restrict physical access to the device.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A flaw exists in Shiguangwu sgwbox N3, specifically within the POST Message Handler component and the `/fsnotify` file. Improper authentication can be triggered by manipulating the `token` argument, allowing for remote exploitation. The exploit details have been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A path traversal issue exists in Shiguangwu sgwbox N3 version 2.0.25. The issue is located in an unknown function within the `/eshell` file of the API component. This allows for remote attacks through manipulation. The exploit is publicly available, and the vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A flaw exists in the SHARESERVER Feature of the software that allows for remote command injection. The issue stems from the manipulation of the `params` argument within an unknown function. This manipulation can be initiated remotely, potentially granting an attacker full system control. The exploit has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Versions prior to 2.0.25 are potentially affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A command injection issue exists in the NETREBOOT Interface component of the software. This manipulation can be launched remotely and allows for command execution. The vulnerable file is located at `/usr/sbin/http eshell server`, and an unknown function within this file is affected. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the NETREBOOT Interface component until a patch is available. Restrict access to the `/usr/sbin/http eshell server` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A security flaw exists in Shiguangwu sgwbox N3 2.0.25 within the DOCKER Feature. Manipulation of the `params` argument in an unknown function of the file `/usr/sbin/http eshell server` can lead to command injection. This issue is remotely exploitable. The exploit has been publicly released, and the vendor has not responded to reports about this disclosure. **Recommendations** Restrict access to the `/usr/sbin/http eshell server` file. As a temporary workaround, consider disabling the DOCKER Feature until a patch is available. Monitor network traffic for suspicious activity related to the affected component.

**Name of the Vulnerable Software and Affected Versions** Shiguangwu sgwbox N3 version 2.0.25 **Description** A buffer overflow weakness exists in the file `/usr/sbin/http eshell server` of the WIREDCFGGET Interface component. Manipulation of the `params` argument can trigger this issue, potentially allowing for remote exploitation. A public exploit is available. The vendor was notified but did not respond. **Recommendations** Shiguangwu sgwbox N3 version 2.0.25: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yottamaster DM2 versions prior to 1.2.23 Yottamaster DM3 versions prior to 1.2.23 Yottamaster DM200 versions prior to 1.2.23 Yottamaster DM2 versions prior to 1.9.12 Yottamaster DM3 versions prior to 1.9.12 Yottamaster DM200 versions prior to 1.9.12 **Description** A path traversal issue exists in the File Upload component of Yottamaster DM2, DM3, and DM200 devices. Manipulation of this component can lead to path traversal, allowing for remote exploitation. The exploit for this issue has been publicly released. The vendor was informed of this disclosure but did not provide a response. **Recommendations** Yottamaster DM2 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Yottamaster DM3 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Yottamaster DM200 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Yottamaster DM2 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Yottamaster DM3 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Yottamaster DM200 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.