Smitug01

**Name of the Vulnerable Software and Affected Versions** Jinher OA C6 versions prior to 20260210 **Description** A flaw exists in Jinher OA C6 that allows for SQL injection. The issue stems from improper handling of input in the `/C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx` file. Specifically, manipulation of the `id` and `offsnum` arguments can lead to SQL injection. This allows for remote exploitation. The details of the exploit have been publicly disclosed. **Recommendations** Install a patch to address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810G version 1.7.7-171114 **Description** A buffer overflow issue exists in the `strcpy` function within the `/goform/ConfigExceptAli` file of UTT HiPER 810G version 1.7.7-171114. The `strcpy` function lacks bounds checking, allowing malicious input to overflow the buffer. This can potentially lead to arbitrary code execution or system crashes. The issue is remotely exploitable. **Recommendations** UTT HiPER 810G version 1.7.7-171114: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH451 versions up to 1.0.0.9 **Description** A buffer overflow issue exists in Tenda FH451. The issue is related to the processing of the file `/goform/GstDhcpSetSer`. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a version later than 1.0.0.9.