Skyvast404

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the `formAdvanceSetup` function, allowing attackers to cause a Denial of Service (DoS) via the webpage parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the `formAdvanceSetup` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the function formSetWanNonLogin, allowing attackers to cause a Denial of Service (DoS) via the `curTime` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the formSetWanNonLogin function until a patch is available. Restrict access to the `curTime` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the function formSetWanPPPoE, allowing attackers to cause a Denial of Service (DoS) via the `curTime` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the formSetWanPPPoE function until a patch is available. Restrict access to the `curTime` parameter in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the function formSetWanPPTP, allowing attackers to cause a Denial of Service (DoS) via the `curTime` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the `formSetWanPPTP` function until a patch is available. Restrict access to the `curTime` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the function formSetWanL2TP, allowing attackers to cause a Denial of Service (DoS) via the `curTime` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the formSetWanL2TP function until a patch is available. Restrict access to the `curTime` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the function formSetWanDhcpplus, allowing attackers to cause a Denial of Service (DoS) via the `curTime` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the formSetWanDhcpplus function until a patch is available. Avoid using the `curTime` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the `formdumpeasysetup` function, allowing attackers to cause a Denial of Service (DoS) via the `config.save network enabled` parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the `formdumpeasysetup` function until a patch is available. Restrict access to the `config.save network enabled` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the `formWlanSetup` function, allowing attackers to cause a Denial of Service (DoS) via the webpage parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the `formWlanSetup` function until a patch is available. Restrict access to the webpage parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619 Ax version 1.00 **Description** A stack overflow was discovered in the `formWlanWizardSetup` function, allowing attackers to cause a Denial of Service (DoS) via the webpage parameter. **Recommendations** For D-Link DIR-619 Ax version 1.00, as a temporary workaround, consider disabling the `formWlanWizardSetup` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 **Description** A remote code execution issue was discovered in the get cgi from memory component. This issue can be triggered by a crafted packet, allowing for potential exploitation. **Recommendations** For versions prior to 1.0.0.r11700, update to version 1.0.0.r11700 or later to resolve the issue. As a temporary workaround, consider restricting access to the get cgi from memory component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 **Description** A remote code execution issue was discovered in the config ovpn component. This issue can be triggered by a crafted packet, allowing for potential exploitation. **Recommendations** For versions prior to v1.0.0.r11700, update to version v1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 **Description** The issue is related to a remote code execution (RCE) vulnerability. It is triggered via a crafted packet and involves the function sub 1791C. **Recommendations** For versions prior to v1.0.0.r11700, update to version v1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 **Description** A remote code execution issue was discovered, which can be triggered by a crafted packet via the function sub 12028. **Recommendations** For versions prior to 1.0.0.r11700, update to version 1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 **Description** The issue is related to a remote code execution vulnerability. It is triggered via a crafted packet and involves the function sub 122D0. **Recommendations** For versions prior to v1.0.0.r11700, update to version v1.0.0.r11700 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function sub 122D0 until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 **Description** A remote code execution issue was discovered, which can be triggered by a crafted packet via the function sub 10F2C. **Recommendations** For versions prior to 1.0.0.r11700, update to version 1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 **Description** The issue allows for arbitrary file deletion via the function sub 17C08. **Recommendations** For versions prior to 1.0.0.r11700, update to version 1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 **Description** The issue allows for an arbitrary file read via the function `sub 177E0`. **Recommendations** For versions prior to v1.0.0.r11700, update to version v1.0.0.r11700 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the `web exec` parameter at the "/apply.cgi" API endpoint. **Recommendations** For versions prior to 1.0.0.r11700, update to version 1.0.0.r11700 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/apply.cgi" API endpoint to minimize the risk of exploitation. Avoid using the `web exec` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.11 **Description** The issue allows NULL pointer dereferences via crafted input files, which can lead to potential security problems. **Recommendations** For GNU LibreDWG versions prior to 0.11, update to version 0.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.9.4 **Description** The issue is related to a denial of service in the `bit calc CRC` function in `bits.c`, caused by crafted input that affects a for loop. **Recommendations** For GNU LibreDWG versions prior to 0.9.4, update to version 0.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the input to the `bit calc CRC` function in `bits.c` to prevent crafted input from causing a denial of service.