Sxxxw

**Name of the Vulnerable Software and Affected Versions** Tenda CH22 versions prior to 1.0.0.1 **Description** A security issue exists in Tenda CH22. The `formWrlsafeset` function within the `/goform/AdvSetWrlsafeset` file, part of the HTTP Request Handler component, is susceptible to a stack-based buffer overflow. Manipulation of the `mit ssid index` argument can trigger this issue, potentially allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 1.0.0.1 should be updated. As a temporary workaround, consider segmenting or monitoring HTTP management traffic. Restrict access to the vulnerable component `/goform/AdvSetWrlsafeset` to minimize the risk of exploitation. Avoid using the parameter `mit ssid index` in the affected function `formWrlsafeset()` until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A flaw exists in Campcodes Online Loan Management System that allows for SQL injection. The issue is related to the manipulation of the `ID` argument within the `/ajax.php?action=save loan type` file. This manipulation can be carried out remotely. The exploit for this issue has been published. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.