Sta8R9

**Name of the Vulnerable Software and Affected Versions** JD Cloud BE6500 version 4.4.1.r4308 **Description** A command injection issue exists in JD Cloud BE6500 version 4.4.1.r4308. The issue is located in the `/jdcapi` file and affects the `sub 4780` function. Manipulation of the `ddns name` argument can lead to command injection, and the attack can be performed remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GL.iNet GL-A1300 Slate Plus version 4.x GL.iNet GL-AR300M16 Shadow version 4.x GL.iNet GL-AR300M Shadow version 4.x GL.iNet GL-AR750 Creta version 4.x GL.iNet GL-AR750S-EXT Slate version 4.x GL.iNet GL-AX1800 Flint version 4.x GL.iNet GL-AXT1800 Slate AX version 4.x GL.iNet GL-B1300 Convexa-B version 4.x GL.iNet GL-B3000 Marble version 4.x GL.iNet GL-BE3600 Slate 7 version 4.x GL.iNet GL-E750 version 4.x GL.iNet GL-E750V2 Mudi version 4.x GL.iNet GL-MT300N-V2 Mango version 4.x GL.iNet GL-MT1300 Beryl version 4.x GL.iNet GL-MT2500 Brume 2 version 4.x GL.iNet GL-MT3000 Beryl AX version 4.x GL.iNet GL-MT6000 Flint 2 version 4.x GL.iNet GL-SFT1200 Opal version 4.x GL.iNet GL-X300B Collie version 4.x GL.iNet GL-X750 Spitz version 4.x GL.iNet GL-X3000 Spitz AX version 4.x GL.iNet GL-XE300 Puli version 4.x GL.iNet GL-XE3000 Puli AX version 4.x **Description** A critical vulnerability has been found in the RPC Handler component of the affected GL.iNet devices. The issue is related to an unknown function of the file plugins.so, which leads to a buffer overflow when manipulated. **Recommendations** To resolve the issue, it is recommended to upgrade the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability has been found in H3C Magic devices, affecting the function `FCGI CheckStringIfContainsSemicolon` of the file "/api/wizard/getBasicInfo" of the component HTTP POST Request Handler. This leads to command injection. The attack can only be done within the local network. Recommendations: For H3C Magic NX15 versions up to V100R014, upgrade the affected component to a newer version. For H3C Magic NX30 Pro versions up to V100R014, upgrade the affected component to a newer version. For H3C Magic NX400 versions up to V100R014, upgrade the affected component to a newer version. For H3C Magic R3010 versions up to V100R014, upgrade the affected component to a newer version. For H3C Magic BE18000 versions up to V100R014, upgrade the affected component to a newer version. As a temporary workaround, consider disabling the `FCGI CheckStringIfContainsSemicolon` function until a patch is available. Restrict access to the "/api/wizard/getBasicInfo" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X versions 240126/240802 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function `sub 41710C` of the file `/goform/diag nslookup`. The manipulation of the `target addr` argument leads to os command injection. This issue can be exploited remotely. **Recommendations** For D-Link DIR-823X versions 240126/240802, as a temporary workaround, consider disabling the `sub 41710C` function until a patch is available. Restrict access to the `/goform/diag nslookup` file to minimize the risk of exploitation. Avoid using the `target addr` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.