Sheratan

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7100G C1 versions up to 20250928 **Description** A flaw exists in D-Link DI-7100G C1 that allows for remote command injection. This is due to the manipulation of the `iface` argument within the `sub 46409C` function of the `/msp info.htm?flag=qos` file, part of the jhttpd component. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 20250928 should be updated. As a temporary workaround, restrict access to the `/msp info.htm?flag=qos` file. Avoid using the `iface` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7100G C1 versions up to 20250928 **Description** A buffer overflow issue exists in the jhttpd component of D-Link DI-7100G C1. The issue is located in the `sub 4C0990` function of the `/webchat/login.cgi` file. Manipulation of the `openid` argument can trigger the buffer overflow, allowing for remote code execution. The exploit for this issue has been published. **Recommendations** Versions up to 20250928 should be updated to a newer, secure version when available. As a temporary workaround, consider restricting access to the `/webchat/login.cgi` file to minimize the risk of exploitation. Avoid manipulating the `openid` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7100G C1 versions up to 20250928 **Description** A flaw exists in the jhttpd component of D-Link DI-7100G C1. The issue is due to a buffer overflow in the `sub 4BD4F8` function within the `/webchat/hi block.asp` file. The `popupId` argument can be manipulated to trigger this overflow, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions up to 20250928 should be updated. As a temporary workaround, consider restricting access to the `/webchat/hi block.asp` file. Avoid using the `popupId` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-852 versions prior to 20251003 **Description** A flaw exists in D-Link DIR-852. This issue affects an unspecified component of the `/HNAP1/` file. Successful manipulation can result in command injection. The attack can be initiated remotely. The exploit is publicly available. This vulnerability impacts products that are no longer supported. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osuuu LightPicture version 1.2.2 **Description** A critical vulnerability has been found in osuuu LightPicture, affecting the function upload of the file /app/controller/Api.php. The manipulation of the `file` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For osuuu LightPicture version 1.2.2, consider disabling the upload function in /app/controller/Api.php until a patch is available to prevent unrestricted file upload. Restrict access to the /app/controller/Api.php file to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zorlan SkyCaiji version 2.9 **Description** A critical vulnerability has been found in Zorlan SkyCaiji, affecting the `fileAction` function of the `vendor/skycaiji/app/admin/controller/Tool.php` file. The manipulation of the `save data` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `fileAction` function until a patch is available. Restrict access to the `vendor/skycaiji/app/admin/controller/Tool.php` file to minimize the risk of exploitation. Avoid using the `save data` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zorlan SkyCaiji version 2.9 **Description** A critical vulnerability was found in Zorlan SkyCaiji, affecting the `previewAction` function of the file `vendor/skycaiji/app/admin/controller/Tool.php`. The manipulation of the `data` argument leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Zorlan SkyCaiji version 2.9, as a temporary workaround, consider disabling the `previewAction` function until a patch is available. Restrict access to the `vendor/skycaiji/app/admin/controller/Tool.php` file to minimize the risk of exploitation. Avoid using the `data` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zyx0814 Pichome version 2.1.0 **Description** A critical issue was found in the software, affecting the /index.php?mod=textviewer endpoint. The manipulation of the `src` argument leads to path traversal. This issue can be exploited remotely. **Recommendations** For version 2.1.0, as a temporary workaround, consider restricting access to the /index.php?mod=textviewer endpoint until a patch is available. Avoid using the `src` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kasuganosoras Pigeon versions 1.0.177 through 1.0.180 **Description** A critical vulnerability was found in Kasuganosoras Pigeon, affecting unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the `url` argument leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. **Recommendations** For Kasuganosoras Pigeon version 1.0.177, upgrade to version 1.0.181 to address the issue. As a temporary workaround, consider restricting access to the `/pigeon/imgproxy/index.php` file until a patch is available. Avoid using the `url` argument in the affected API endpoint until the issue is resolved.