Sunnyyangyaya

Name of the Vulnerable Software and Affected Versions TOTOlink A3600R version 5.9c.4959 Description The TOTOlink A3600R version 5.9c.4959 contains a buffer overflow flaw in the `setAppEasyWizardConfig` interface of `/lib/cste modules/app.so`. The issue is due to insufficient validation of the length of the `rootSsid` parameter, which can allow a remote attacker to trigger a buffer overflow, potentially resulting in arbitrary code execution or denial of service. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `setAppEasyWizardConfig` interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 5.9c.1527 **Description** The issue is related to a buffer overflow that can be triggered via the `urlKeyword` parameter in the `setParentalRules` function. This allows for potential exploitation. **Recommendations** For TOTOLINK A3100R version 5.9c.1527, consider restricting access to the `setParentalRules` function until a patch is available, and avoid using the `urlKeyword` parameter in this function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TOTOlink A950RG version 4.1.2cu.5204 B20210112 **Description** The issue arises from improper input validation of the `NoticeUrl` parameter in the `setNoticeCfg` interface of the `/lib/cste modules/system.so` module. This leads to a buffer overflow. **Recommendations** For TOTOlink A950RG version 4.1.2cu.5204 B20210112, consider restricting access to the `setNoticeCfg` interface in the `/lib/cste modules/system.so` module to minimize the risk of exploitation. Avoid using the `NoticeUrl` parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 5.9c.1527 **Description** The issue is related to a Buffer Overflow that can be triggered through the `comment` parameter in the `setIpPortFilterRules` function. This allows for potential exploitation. **Recommendations** For TOTOLINK A3100R version 5.9c.1527, consider restricting access to the `setIpPortFilterRules` function until a patch is available, and avoid using the `comment` parameter in this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 5.9c.1527 **Description** The issue is related to a Buffer Overflow that can be triggered via the `comment` parameter in the `setMacFilterRules` function. This allows for potential exploitation. **Recommendations** For TOTOLINK A3100R version 5.9c.1527, as a temporary workaround, consider restricting access to the `setMacFilterRules` function until a patch is available. Avoid using the `comment` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 5.9c.1527 **Description** The issue is related to a Buffer Overflow that can be triggered via the `priority` parameter in the `setMacQos` interface of `/lib/cste modules/firewall.so`. This can be accessed through the API endpoint `/lib/cste modules/firewall.so`. **Recommendations** For TOTOLINK A3100R version 5.9c.1527, as a temporary workaround, consider restricting access to the `setMacQos` interface in `/lib/cste modules/firewall.so` to minimize the risk of exploitation. Avoid using the `priority` parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A950RG version 4.1.2cu.5204 B20210112 **Description** A command execution issue exists, located in the setNoticeCfg interface within the /lib/cste modules/system.so library, specifically in the processing of the `IpTo` parameter. **Recommendations** For TOTOLINK A950RG version 4.1.2cu.5204 B20210112, as a temporary workaround, consider restricting access to the setNoticeCfg interface within the /lib/cste modules/system.so library to minimize the risk of exploitation. Avoid using the `IpTo` parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOlink A3002R version V1.1.1-B20200824.0128 **Description** The issue arises from a buffer overflow due to improper input validation of the `pppoe dns1` parameter in the `formIpv6Setup` interface of the `/bin/boa` endpoint. **Recommendations** For TOTOlink A3002R version V1.1.1-B20200824.0128, as a temporary workaround, consider restricting access to the `formIpv6Setup` interface in the `/bin/boa` endpoint to minimize the risk of exploitation. Avoid using the `pppoe dns1` parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.