Tian

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC version 1.02 **Description** A command injection flaw exists in the L2TP Mode component. The issue occurs within the `setWAN()` function of the '/goform/setWAN' endpoint. A remote attacker can exploit this by manipulating the `L2TPUserName` argument to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/setWAN' endpoint or avoid using the `L2TPUserName` parameter in the L2TP Mode component.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6428nC versions prior to 1.17 **Description** A command injection flaw exists in the Web Interface component. A remote attacker can exploit this by manipulating the `pppUserName` or `pptpUserName` arguments within the '/goform/setWAN' endpoint. Command injection is a type of attack where an attacker executes arbitrary operating system commands on the target server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC versions prior to 1.02 **Description** A buffer overflow can be triggered remotely via a manipulation of the `pptpDfGateway` argument within an unknown function of the '/goform/setWAN' file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6428nC versions prior to 1.17 **Description** A buffer overflow can be triggered remotely via an unknown function within the '/goform/setWAN' endpoint. This occurs through the manipulation of the `pptpDfGateway` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 versions prior to 3.00b32 **Description** A buffer overflow exists in the `miniupnpd` component within the `upnpsoap.c` file. The issue occurs in the `AddPortMapping()` function when it fails to properly validate the size of input data during the copying of the `NewPortMappingDescription` argument. This flaw allows an attacker on the local network to execute arbitrary code by sending a specially crafted HTTP request. Millions of devices worldwide are potentially affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-822 A 101 **Description** A command injection issue exists in the udhcpd DHCP Service within the `system()` function of the `/udhcpcd/dhcpd.c` file. A remote attacker can exploit this by manipulating the `Hostname` argument to execute arbitrary code. This issue occurs because the software fails to neutralize special elements within the input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 version 3.00b32 **Description** A buffer overflow exists in the nmbd component of the firmware due to a lack of input size verification during buffer copying. Specifically, the issue resides in the `NMBD process()` function within the sserver.c file. A remote attacker located within the local network can exploit this by sending a specially crafted request to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC version 2 1.02 **Description** A flaw exists in the `auth check userpass2` function that allows for the use of default credentials through manipulation of the `Username/Password` argument. This issue can be exploited remotely. The vendor has confirmed the product is end-of-life and will issue a security advisory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6288ACL versions up to 1.12 **Description** A security issue exists in Edimax BR-6288ACL versions up to 1.12. The `wiz WISP24gmanual` function within the `wiz WISP24gmanual.asp` file is susceptible to cross site scripting due to manipulation of the `manualssid` argument. This allows for remote attacks. The vendor has stated the product is end-of-life and will issue a security advisory on their official support website. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6258n versions up to 1.18 **Description** A flaw exists in the `formStaDrvSetup` function within the `/goform/formStaDrvSetup` file. Manipulation of the `submit-url` argument can lead to an open redirect. This issue can be exploited remotely. The vendor has confirmed the product is end-of-life and will issue a security advisory on their official support website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-6641K N8.TR069.20131126 **Description** A security issue exists in D-Link DSL-6641K N8.TR069.20131126 related to the `doSubmitPPP` function within the `sp pppoe user.js` file. Manipulation of the `Username` argument can lead to cross site scripting. This attack can be initiated remotely. The exploit for this issue has been publicly released. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-6641K version N8.TR069.20131126 **Description** A flaw exists within the Web Interface component of the device, specifically in the `ad virtual server vdsl` function. Manipulating the `Name` argument can lead to cross site scripting. This issue is remotely exploitable, and details about the exploit are publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-700L version 1.03.09 **Description** A path traversal issue exists in the Music File Upload Service component of D-Link DCS-700L. The issue is located in the `uploadmusic` function of the `/setUploadMusic` file. Manipulation of the `UploadMusic` argument can lead to path traversal. This attack can only be initiated within the local network. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS700l version 1.03.09 **Description** A flaw exists in D-Link DCS700l that could allow for command injection. The issue is located within the Web Form Handler component, specifically in the `/setDayNightMode` file. Manipulating the `LightSensorControl` argument can trigger the flaw. This issue may be exploited remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC versions 1.02 through 1.03 **Description** A flaw exists in the Web-based Configuration Interface component of Edimax BR-6208AC versions 1.02 and 1.03. This issue is related to the `formALGSetup` function within the `/goform/formALGSetup` file. Manipulation of the `wlan-url` argument can lead to an open redirect. This manipulation is possible remotely. The exploit for this issue has been publicly released. Edimax has stated that the BR-6208AC V2 has reached its End of Life (EOL) status and will no longer receive updates or patches. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC versions 1.02 through 1.03 **Description** A flaw exists within the Web-based Configuration Interface component of the software, specifically in the `formStaDrvSetup` function located in the `/goform/formStaDrvSetup` file. Manipulation of the `rootAPmac` argument can lead to command injection. Remote exploitation is possible. The product has reached its End of Life (EOL) status and is no longer supported or maintained by the vendor, meaning no further updates or patches will be provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC versions 1.02 through 1.03 **Description** A security flaw exists in the Web-based Configuration Interface component of Edimax BR-6208AC. The `formRoute` function within the `/gogorm/formRoute` file is susceptible to command injection through manipulation of the `strIp`, `strMask`, and `strGateway` arguments. This allows for remote execution of commands. The exploit for this issue has been publicly released. Edimax has stated that the affected product has reached its End of Life (EOL) and will no longer receive updates or support. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-850L version 1.02.09 **Description** A flaw exists within the Firmware Update Service component, specifically in the `uploadfirmware` function. The issue stems from manipulating the `DownloadFile` argument, leading to a path traversal condition. Successful exploitation requires an attacker to be on the local network. The exploit is publicly available. This vulnerability impacts products no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6208AC version 1.02 **Description** A path traversal issue exists in the FTP Daemon Service component of Edimax BR-6208AC version 1.02, specifically within the `handle retr` function. This allows for remote manipulation of the system. The exploit is publicly available. The product is no longer supported by the vendor and has been discontinued for five years. **Recommendations** Disable the FTP service on the device to mitigate the risk. Upgrade to newer, supported models.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-605 version 202WWB03 **Description** A flaw exists in the Firmware Update Service component of the device, allowing for command injection. This issue can be exploited remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. The vulnerable functionality is not further specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.