Swind1Er

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: A buffer overflow exists in the `hostname` parameter at the `/boafrm/formMapDelDevice` API endpoint of the TOTOLINK A3002R router. This issue allows attackers to cause a Denial of Service (DoS) through a crafted input. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AX2 Pro home router version DI 7003G-19.12.24A1V16.03.29.50 **Description** A command execution issue exists, allowing an attacker to construct a malicious payload and execute commands. This can lead to obtaining shell access to the router's file system with the highest privileges. **Recommendations** For AX2 Pro home router version DI 7003G-19.12.24A1V16.03.29.50, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7003GV2 version 24.04.18D1 D-Link DI-7100G+V2 version 24.04.18D1 D-Link DI-7100GV2 version 24.04.18D1 D-Link DI-7200GV2 version 24.04.18E1 D-Link DI-7300G+V2 version 24.04.18D1 D-Link DI-7400G+V2 version 24.04.18D1 **Description** The issue concerns a Remote Command Execution vulnerability in the CGI function responsible for handling `usb paswd.asp`. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function. This may allow a remote attacker to execute arbitrary commands, potentially leading to unauthorized access and system compromise. **Recommendations** For D-Link DI-7003GV2 version 24.04.18D1, restrict access to the CGI function responsible for handling `usb paswd.asp` to minimize the risk of exploitation. For D-Link DI-7100G+V2 version 24.04.18D1, restrict access to the CGI function responsible for handling `usb paswd.asp` to minimize the risk of exploitation. For D-Link DI-7100GV2 version 24.04.18D1, restrict access to the CGI function responsible for handling `usb paswd.asp` to minimize the risk of exploitation. For D-Link DI-7200GV2 version 24.04.18E1, restrict access to the CGI function responsible for handling `usb paswd.asp` to minimize the risk of exploitation. For D-Link DI-7300G+V2 version 24.04.18D1, restrict access to the CGI function responsible for handling `usb paswd.asp` to minimize the risk of exploitation. For D-Link DI-7400G+V2 version 24.04.18D1, patch immediately and restrict CGI access, then audit logs for signs of exploit.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003G version 19.12.24A1 D-Link DI-7003GV2 version 24.04.18D1 D-Link DI-7100G+V2 version 24.04.18D1 D-Link DI-7100GV2 version 24.04.18D1 D-Link DI-7200GV2 version 24.04.18E1 D-Link DI-7300G+V2 version 24.04.18D1 D-Link DI-7400G+V2 version 24.04.18D1 Description: The issue is related to insufficient argument checking in the `version upgrade.asp` function of D-Link router firmware, allowing remote command execution. This can enable a remote attacker to execute arbitrary commands. Recommendations: For D-Link DI-7003G version 19.12.24A1, consider disabling access to the `version upgrade.asp` page until a patch is available. For D-Link DI-7003GV2 version 24.04.18D1, restrict access to the `version upgrade.asp` function to minimize the risk of exploitation. For D-Link DI-7100G+V2 version 24.04.18D1, avoid using the `version upgrade.asp` page in production environments until the issue is resolved. For D-Link DI-7100GV2 version 24.04.18D1, limit access to the `version upgrade.asp` function to trusted users only. For D-Link DI-7200GV2 version 24.04.18E1, disable the `version upgrade.asp` function temporarily as a workaround. For D-Link DI-7300G+V2 version 24.04.18D1, restrict the use of the `version upgrade.asp` page to administrative tasks only. For D-Link DI-7400G+V2 version 24.04.18D1, consider applying configuration changes to limit the exposure of the `version upgrade.asp` function.

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 D-Link DI-7100G+V2 version 24.04.18D1 D-Link DI-7100GV2 version 24.04.18D1 D-Link DI-7200GV2 version 24.04.18E1 D-Link DI-7300G+V2 version 24.04.18D1 D-Link DI-7400G+V2 version 24.04.18D1 Description: The issue is related to insufficient checking of arguments passed to a command in the CGI function of D-Link router software. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is due to insufficient parameter filtering in the CGI handling function of the upgrade filter.asp file. Recommendations: For D-Link DI-7003GV2 version 24.04.18D1, consider disabling the `upgrade filter.asp` function until a patch is available. For D-Link DI-7100G+V2 version 24.04.18D1, restrict access to the vulnerable CGI handling function to minimize the risk of exploitation. For D-Link DI-7100GV2 version 24.04.18D1, avoid using the vulnerable `upgrade filter.asp` file in the CGI function until the issue is resolved. For D-Link DI-7200GV2 version 24.04.18E1, temporarily disable the `upgrade filter.asp` function to prevent remote command execution. For D-Link DI-7300G+V2 version 24.04.18D1, restrict access to the `upgrade filter.asp` file to minimize the risk of exploitation. For D-Link DI-7400G+V2 version 24.04.18D1, consider disabling the vulnerable CGI function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK AC1200 Wireless Router A3002R Firmware version 1.1.1-B20200824 **Description** The issue is related to a Buffer Overflow vulnerability in the boa server program's CGI handling function `formWlEncrypt`, due to a lack of length restriction on the `wlan ssid` field. This can lead to potential buffer overflow under specific circumstances, enabling arbitrary command execution or denial of service attacks. For instance, by invoking the `formWlanRedirect` function with specific parameters to alter `wlan idx`'s value and subsequently invoking the `formWlEncrypt` function, an attacker can trigger buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK AC1200 Wireless Router A3002RU version V2.1.1-B20230720.1011 **Description** The issue concerns a buffer overflow vulnerability related to the formWlEncrypt CGI handler in the boa program. This handler fails to limit the length of the `wlan ssid` field from user input, allowing attackers to craft malicious HTTP requests by supplying an excessively long value for the `wlan ssid` field. This can lead to a stack overflow and potentially be exploited further to execute arbitrary commands or launch denial-of-service attacks. **Recommendations** As a temporary workaround, consider disabling the `formWlEncrypt` CGI handler in the boa program until a patch is available. Restrict access to the vulnerable `boa` program to minimize the risk of exploitation. Avoid using the `wlan ssid` field in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router version v21 D240126 **Description** The issue is related to a remote code execution vulnerability in the `ntp zone val` parameter at the `/goform/set ntp` API endpoint. This vulnerability can be exploited via a crafted HTTP request, allowing a remote attacker to execute arbitrary code. The vulnerability is due to insufficient input validation in the HTTP Request Handler component of the router's firmware. **Recommendations** For D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router version v21 D240126, as a temporary workaround, consider restricting access to the `/goform/set ntp` API endpoint to minimize the risk of exploitation. Avoid using the `ntp zone val` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 version V22.03.01.46 AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 version V1.0 V22.03.01.46 **Description** The issue is related to an authenticated remote command execution via the `macFilterType` parameter at the "/goform/setMacFilterCfg" API endpoint. This allows for potential exploitation where an attacker could execute commands remotely on the affected device. **Recommendations** For AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 version V22.03.01.46, avoid using the `macFilterType` parameter in the "/goform/setMacFilterCfg" API endpoint until the issue is resolved. For AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 version V1.0 V22.03.01.46, consider restricting access to the "/goform/setMacFilterCfg" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX1806 version 1.0.0.1 **Description** A stack overflow in the Tenda AX1806 allows attackers to cause a Denial of Service (DoS) via a crafted input. **Recommendations** For Tenda AX1806 version 1.0.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X firmware - 240126 Description: A remote command execution vulnerability exists in the D-Link DIR-823X firmware due to insufficient measures to neutralize special elements. This vulnerability can be exploited by sending a specially crafted HTTP request to the `/goform/set lan settings` endpoint, allowing a remote attacker to execute arbitrary code via the `dhcpd startip` parameter. Recommendations: For D-Link DIR-823X firmware - 240126, as a temporary workaround, consider disabling access to the `/goform/set lan settings` endpoint until a patch is available. Restrict the use of the `dhcpd startip` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247 B20211129 **Description** The issue arises from the lack of input validation in the `setNoticeCfg` function, specifically with the `NoticeUrl` variable. This omission can lead to a buffer overflow, enabling attackers to craft malicious requests. As a result, this can cause a denial-of-service attack by constructing malicious HTTP or MQTT requests. **Recommendations** For TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware version A3100R V4.1.2cu.5247 B20211129, as a temporary workaround, consider restricting access to the `/lib/cste modules/system.so` file to minimize the risk of exploitation. Additionally, avoid using the `NoticeUrl` variable in the `setNoticeCfg` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU V3 version V3.0.0-B20230809.1615 **Description** The issue allows attackers to modify the value of the `vwlan idx` field via "formMultiAP". This can lead to a stack overflow through the `formWlEncrypt` CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks. **Recommendations** For Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU V3 version V3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the "boa" program and the `formWlEncrypt` CGI function to minimize the risk of exploitation. Avoid using the `vwlan idx` field via "formMultiAP" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers version RSR10-01G-T-S RSR 3.0(1)B9P2, Release(07150910) **Description** An issue in the routers allows attackers to execute arbitrary code via the common quick config.lua file. **Recommendations** For version RSR10-01G-T-S RSR 3.0(1)B9P2, Release(07150910), consider restricting access to the common quick config.lua file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RG-RSR10-01G-T(WA)-S RSR 3.0(1)B9P2 RSR10-01G-TW-S 07150910 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted HTTP request. **Recommendations** For RG-RSR10-01G-T(WA)-S RSR 3.0(1)B9P2 RSR10-01G-TW-S 07150910, consider restricting access to the HTTP request functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.