Ruler-Chovy

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 520 version 1.7.7-160105 **Description** A security issue exists in UTT HiPER 520. The `sub 44D264` function within the `/goform/formPdbUpConfig` file of the Web Management Interface is susceptible to operating system command injection. This occurs through manipulation of the `policyNames` argument, and the attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Apply a fix to the `sub 44D264` function in the `/goform/formPdbUpConfig` file to prevent manipulation of the `policyNames` argument.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 520 version 1.7.7-160105 **Description** A flaw exists in the Web Management Interface component of UTT HiPER 520. Specifically, manipulating the `Isp Name` argument within the `sub 44EFB4` function of the `/goform/formReleaseConnect` file can lead to operating system command injection. This allows for remote attacks. The exploit for this issue is publicly available. **Recommendations** Apply a fix to the `sub 44EFB4` function in the `/goform/formReleaseConnect` file to prevent manipulation of the `Isp Name` argument.

**Name of the Vulnerable Software and Affected Versions** SECCN Dingcheng G10 version 3.1.0.181203 **Description** A security issue has been identified in SECCN Dingcheng G10 version 3.1.0.181203. The `qq` function within the `/cgi-bin/session login.cgi` file is susceptible to operating system command injection. Manipulation of the `User` parameter can lead to remote execution of arbitrary commands. The exploit for this issue has been publicly disclosed. The attack can be carried out remotely. **Recommendations** Versions prior to 3.1.0.181203 are affected. As a temporary workaround, consider restricting access to the `/cgi-bin/session login.cgi` file until a fix is available. Avoid using the `User` parameter in the `/cgi-bin/session login.cgi` endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-931L versions up to 1.13.0 **Description** A flaw exists in the `doSystem` function within the `/setSystemAdmin` file of the D-Link DCS-931L. Manipulating the `AdminID` argument can lead to command injection. This issue can be exploited remotely. The exploit has been publicly released. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** Versions prior to 1.13.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.