Xiaobor123

**Name of the Vulnerable Software and Affected Versions** D-Link DHP-1320 version 1.00WWB04 **Description** A flaw exists in the SOAP Handler component, specifically within the `redirect count down page` function, of the D-Link DHP-1320. This issue allows for a stack-based buffer overflow, which can be triggered remotely. The exploit for this issue is publicly available. This vulnerability impacts products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Netgear WNCE3001 version 1.0.0.50 Description: A critical vulnerability has been found, affecting the `http d` function of the HTTP POST Request Handler component. The manipulation of the `Host` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For Netgear WNCE3001 version 1.0.0.50, as a temporary workaround, consider restricting access to the `http d` function of the HTTP POST Request Handler component until a patch is available. Avoid using the `Host` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX6150 versions 1.0.0.46 through 1.0.76 **Description** A critical vulnerability has been identified in Netgear EX6150. The issue resides within the `sub 410090` function and leads to a stack-based buffer overflow. Remote attackers can initiate the attack. The exploit for this vulnerability has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** Netgear EX6150 versions 1.0.0.46 through 1.0.76 are affected and no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 version 2.03 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically affecting the `do file` function. This leads to a stack-based buffer overflow, which can be initiated remotely. The issue only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-825 version 2.03, as a temporary workaround, consider disabling the `do file` function of the HTTP POST Request Handler until a patch is available. However, since the product is no longer supported, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-632 version FW103B08 **Description** A critical issue has been found in the function `get pure content` of the component HTTP POST Request Handler. The manipulation of the argument `Content-Length` leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the `get pure content` function until a patch is available. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `Content-Length` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-632 version FW103B08 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the `FUN 00425fd8` function of the file `/biurl grou`. This issue leads to a stack-based buffer overflow and can be exploited remotely. The problem only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-632 version FW103B08, as the product is no longer supported, consider disabling the `FUN 00425fd8` function or restricting access to the HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 version 2.03 **Description** A critical vulnerability has been found, affecting the `sub 4091AC` function of the HTTP POST Request Handler component. This issue leads to a stack-based buffer overflow and can be initiated remotely. The vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-825 version 2.03, as a temporary workaround, consider disabling the `sub 4091AC` function until a patch is available. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-665 version 1.00 **Description** A critical vulnerability has been identified in the D-Link DIR-665. The issue resides in the `sub AC78` function within the HTTP POST Request Handler component, leading to a stack-based buffer overflow. Remote attackers can exploit this vulnerability by sending a specially crafted POST request, potentially causing a denial-of-service condition. The exploit for this vulnerability has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-665 version 1.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-632 version FW103B08 **Description** A critical vulnerability was found in the D-Link DIR-632, affecting the `do file` function of the HTTP POST Request Handler component. This vulnerability leads to a stack-based buffer overflow and can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-632 version FW103B08, as the product is no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `do file` function of the HTTP POST Request Handler component to minimize the risk of exploitation. Restrict access to the HTTP POST Request Handler to reduce the attack surface. Avoid using the vulnerable component until a solution is found.

**Name of the Vulnerable Software and Affected Versions** Netgear EX3700 versions 1.0.0.0 through 1.0.0.88 **Description** A critical issue has been found, affecting the function `sub 41619C` of the file `/mtd`. This issue leads to a stack-based buffer overflow and can be exploited remotely. The problem has been publicly disclosed and may be used by attackers. It is estimated that this issue affects products that are no longer supported by the maintainer. **Recommendations** For Netgear EX3700 versions 1.0.0.0 through 1.0.0.88, upgrade to version 1.0.0.98 to address this issue. As a temporary workaround, consider disabling the `sub 41619C` function until a patch is available. Restrict access to the `/mtd` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-5020L version 1.01 B2 **Description** A critical vulnerability has been found in the function `websReadEvent()` of the file `/rame/ptdc.cgi`. The manipulation of the `Authorization` argument leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the `websReadEvent()` function until a patch is available. Restrict access to the `/rame/ptdc.cgi` file to minimize the risk of exploitation. Avoid using the `Authorization` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ManageEngine ADSelfService Plus (affected versions not specified) **Description** A significant issue has been disclosed affecting ManageEngine ADSelfService Plus. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda i9 version 1.0.0.8(3828) **Description** A critical issue affects the function `websReadEvent` of the file `/goform/GetIPTV`, leading to null pointer dereference. The attack may be initiated remotely. **Recommendations** For Tenda i9 version 1.0.0.8(3828), update the firmware to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `/goform/GetIPTV` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda i22 version 1.0.0.3(4687) **Description** A vulnerability has been found in the function `websReadEvent` of the file "/goform/GetIPTV?fgHPOST/goform/SysToo". The manipulation of the argument `Content-Length` leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This issue is related to a null pointer dereference, which can allow an attacker to cause a denial of service. **Recommendations** For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the `websReadEvent` function until a patch is available. Restrict access to the "/goform/GetIPTV?fgHPOST/goform/SysToo" endpoint to minimize the risk of exploitation. Avoid using the `Content-Length` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.