Wxhwxhwxh_Mie

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A remote command injection issue exists in the POST Request Handler component. The problem occurs within the `formWlbasic()` function located in the `/goform/formWlbasic` file. An attacker can remotely execute arbitrary commands by manipulating the `rootAPmac` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A buffer overflow exists in the POST Request Handler component. The issue occurs within the `formUSBAccount()` function of the `/goform/formUSBAccount` endpoint when manipulating the `UserName` and `Password` arguments, allowing for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A buffer overflow exists in the POST Request Handler component within the `formUSBFolder()` function of the `/goform/formUSBFolder` endpoint. The issue is caused by improper handling and lack of bounds checking of the `ShareName` and `SelectName` arguments. A remote attacker can send a long string as input to overwrite adjacent memory regions, which may lead to a denial of service or arbitrary code execution by corrupting control flow mechanisms. No authentication is required to trigger this flaw. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A stack-based buffer overflow occurs in the POST Request Handler component. A remote attacker can trigger this issue by manipulating the `pppUserName` argument within the `formWanTcpipSetup()` function of the '/goform/formWanTcpipSetup' endpoint. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** An issue in the POST Request Handler component allows remote command injection. The flaw exists within the `formStaDrvSetup()` function located in the '/goform/formStaDrvSetup' endpoint. This occurs when the `rootAPmac` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A buffer overflow exists in the POST Request Handler component. The issue occurs within the `formQoS()` function of the '/goform/formQoS' endpoint when the `selSSID` argument is manipulated. This flaw allows a remote attacker to trigger the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A command injection flaw exists in the POST Request Handler component. A remote attacker can trigger this issue by manipulating the `rootAPmac` argument within the `formiNICbasic()` function of the `/goform/formiNICbasic` endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** Command injection is possible via a remote attack in the POST Request Handler component. The issue exists within the `formAccept()` function of the `/goform/formAccept` endpoint, where improper handling of the `submit-url` argument allows for the execution of arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formiNICSiteSurvey()` function located in the '/goform/formiNICSiteSurvey' endpoint when the `selSSID` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formL2TPSetup()` function located in the '/goform/formL2TPSetup' endpoint when the `L2TPUserName` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** Command injection is possible via remote exploitation in the POST Request Handler component. The issue exists within the `setLanguageCfg()` function located in the '/cgi-bin/cstecgi.cgi' endpoint, where manipulation of the `langType` argument allows for the execution of arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** A remote command injection issue exists in the '/cgi-bin/cstecgi.cgi' endpoint. The flaw is located within the `NTPSyncWithHost()` function, where improper handling of the `hostTime` argument allows an attacker to execute arbitrary commands on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** A buffer overflow exists in the POST Request Handler component. This issue occurs within the `UploadCustomModule()` function of the '/cgi-bin/cstecgi.cgi' endpoint. A remote, unauthenticated attacker can trigger this flaw by manipulating the `File` argument via a malformed POST request, potentially leading to remote code execution. **Recommendations** For version 5.2cu.7112 B20190227, update the firmware to a newer version to mitigate the risk. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** An issue exists in the POST Request Handler component where the manipulation of the `webWlanIdx` argument in the `setWebWlanIdx()` function of the '/cgi-bin/cstecgi.cgi' endpoint allows for remote command injection. Command injection is a flaw that enables an attacker to execute arbitrary operating system commands on the target device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6478AC version 1.23 **Description** A stack-based buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formPPPoESetup()` function located in the `/goform/formPPPoESetup` file, where improper manipulation of the `pppUserName` variable leads to the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink WA300 version 5.2cu.7112 B20190227 **Description** A buffer overflow exists in the POST Request Handler component. A remote attacker can trigger this issue by manipulating the `http host` argument within the `loginauth()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 3.2.4-B20220812 **Description** A security flaw in the Parameter Handler component allows a remote attacker to cause a buffer overflow. This occurs through the manipulation of the `Password` argument within the `loginauth()` function of the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 3.2.4-B20220812 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the `setWanConfig()` function within the '/cgi-bin/cstecgi.cgi' endpoint when manipulating the `priDns` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 3.2.4-B20220812 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the `setUpgradeFW()` function within the '/cgi-bin/cstecgi.cgi' endpoint when manipulating the `FileName` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 3.2.4-B20220812 **Description** A buffer overflow exists in the POST Request Handler component. This issue occurs when the `mac address` argument is manipulated within the `setMacFilterRules()` function of the '/cgi-bin/cstecgi.cgi' endpoint, allowing for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.