Whiter6666

**Name of the Vulnerable Software and Affected Versions** Tenda RX9 Pro version V22.03.02.10 **Description** The issue is related to a Buffer Overflow vulnerability via the `httpd/setMacFilterCfg` endpoint. This vulnerability can be exploited, potentially allowing unauthorized access or control. **Recommendations** For Tenda RX9 Pro version V22.03.02.10, consider disabling access to the `httpd/setMacFilterCfg` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda RX9 Pro version V22.03.02.10 **Description** The issue is related to a Buffer Overflow vulnerability via the `httpd/setIPv6Status` endpoint. This vulnerability can be exploited, potentially allowing unauthorized access or control. **Recommendations** For Tenda RX9 Pro version V22.03.02.10, as a temporary workaround, consider restricting access to the `httpd/setIPv6Status` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda RX9 Pro version V22.03.02.10 **Description** The issue is related to a Buffer Overflow vulnerability via the httpd/SetNetControlList. **Recommendations** For Tenda RX9 Pro version V22.03.02.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T6 version 4.1.5cu.709 B20210518 **Description** The issue concerns a hard-coded password for the root user located in the /etc/shadow.sample file. This presents a significant security risk as it could allow unauthorized access to the system. **Recommendations** For TOTOLINK T6 version 4.1.5cu.709 B20210518, consider changing the root password to a unique and secure value to mitigate the risk of exploitation. As a temporary workaround, restrict access to the root account until a patch or update is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A860R version 4.1.2cu.5182 B20201027 **Description** The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. **Recommendations** For TOTOLINK A860R version 4.1.2cu.5182 B20201027, consider changing the hardcoded password for the root user at /etc/shadow.sample to a unique and secure password as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3000RU version 4.1.2cu.5185 B20201128 **Description** A hardcoded password for the root user was found in the /etc/shadow.sample file. This issue allows unauthorized access to the device. **Recommendations** For TOTOLINK A3000RU version 4.1.2cu.5185 B20201128, consider changing the root password as soon as possible to prevent unauthorized access. As a temporary workaround, restrict access to the device until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda TX9pro version V22.03.02.10 **Description** A buffer overflow issue was discovered in the httpd/SetNetControlList component. **Recommendations** For Tenda TX9pro version V22.03.02.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A810R version V5.9c.4050 B20190424 **Description** A command injection issue was found in the downloadFile.cgi component. This allows for potential exploitation. **Recommendations** For TOTOLINK A810R version V5.9c.4050 B20190424, consider restricting access to the downloadFile.cgi component until a patch is available. As a temporary workaround, avoid using the downloadFile.cgi component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A720R version 4.1.5cu.532 B20210610 **Description** The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. **Recommendations** For TOTOLINK A720R version 4.1.5cu.532 B20210610, consider changing the hardcoded password for the root user at /etc/shadow.sample to a unique and secure password as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A810R versions V4.1.2cu.5182 B20201026 through V5.9c.4050 B20190424 **Description** The issue is related to a hardcoded password for the root user at `/etc/shadow.sample`. This could allow a remote attacker to elevate their privileges. The vulnerability is associated with the use of predefined credentials in the TOTOLINK A810R router's firmware. **Recommendations** For versions V4.1.2cu.5182 B20201026 and V5.9c.4050 B20190424, consider changing the hardcoded password for the root user at `/etc/shadow.sample` to a unique and secure password. As a temporary workaround, restrict access to the `/etc/shadow.sample` file until a patch is available. Avoid using the default credentials for the root user in the affected firmware versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A800R version 4.1.2cu.5137 B20200730 **Description** The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. **Recommendations** For TOTOLINK A800R version 4.1.2cu.5137 B20200730, consider changing the hardcoded password for the root user at /etc/shadow.sample to a secure, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the root account until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A950RG version 4.1.2cu.5204 B20210112 **Description** The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. **Recommendations** For TOTOLINK A950RG version 4.1.2cu.5204 B20210112, consider changing the hardcoded password for the root user at /etc/shadow.sample to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict access to the root account until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N600R version 4.3.0cu.7647 B20210106 **Description** The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. **Recommendations** For TOTOLINK N600R version 4.3.0cu.7647 B20210106, consider changing the hardcoded password for the root user at /etc/shadow.sample to a unique and secure password as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.