
W0Rkd4Tt

Rank: #18493 of 53,633
Total CVSS: 14.6
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2025-37705 · CVSS 10 · 2025-07-30
Totolink · Totolink X6000R · CVE-2025-52053

**Name of the Vulnerable Software and Affected Versions**
TOTOLINK X6000R version 9.4.0cu.1360 B20241207

**Description**
The vulnerability resides in the `sub 417D74()` function of the TOTOLINK X6000R router's firmware. The issue is due to a lack of data sanitization on the management level when processing the `file name` parameter. This allows unauthenticated attackers to execute arbitrary commands via a crafted request.

**Recommendations**
TOTOLINK X6000R version 9.4.0cu.1360 B20241207: As a temporary workaround, consider restricting access to the `sub 417D74()` function until a patch is available.

PT-2021-23643 · CVSS 4.6 · 2021-11-04
Miniftpd · Miniftpd · CVE-2021-42624

**Name of the Vulnerable Software and Affected Versions**
Miniftpd (affected versions not specified)

**Description**
A local buffer overflow issue exists in Miniftpd, specifically in the ftpproto.c file through the `tmp` variable. This can be exploited by sending a crafted payload to the affected function.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.