Sovietw0Rm

**Name of the Vulnerable Software and Affected Versions** TP-Link Omada Controller Software version 3.2.6 **Description** The issue allows Directory Traversal for reading arbitrary files via the `com.tp link.eap.web.portal.PortalController.getAdvertiseFile` function in the `/opt/tplink/EAPController/lib/eap-web-3.2.6.jar` file. This can be exploited through the `getAdvertiseFile` function. **Recommendations** For TP-Link Omada Controller Software version 3.2.6, consider restricting access to the `com.tp link.eap.web.portal.PortalController.getAdvertiseFile` function until a patch is available. As a temporary workaround, avoid using the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2020 version 1.01rc001 **Description** The issue is related to a stack-based buffer overflow when handling the `var:page` parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For D-Link DAP-2020 version 1.01rc001, as a temporary workaround, consider restricting access to the "webproc" endpoint until a patch is available. Avoid using the `var:page` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2020 version 1.01rc001 **Description** The issue is related to a stack-based buffer overflow when handling the `var:menu` parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No authentication is required to exploit this vulnerability. **Recommendations** For D-Link DAP-2020 version 1.01rc001, as a temporary workaround, consider disabling the `webproc` endpoint until a patch is available. Restrict access to the `var:menu` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.