Xingyu Xu

**Name of the Vulnerable Software and Affected Versions** VMG3625-T50B firmware version V5.50(ABPM.8)C0 **Description** The issue is related to a buffer overflow vulnerability in the CGI program, which could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. **Recommendations** For VMG3625-T50B firmware version V5.50(ABPM.8)C0, consider restricting access to the CGI program until a patch is available. As a temporary workaround, avoid using the vulnerable CGI program to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AC86U (affected versions not specified) **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. A remote attacker with normal user privileges can exploit this to perform a command injection attack, executing arbitrary system commands, disrupting the system, or terminating the service. The vulnerability is related to the failure to filter special characters for parameters in specific web URLs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AC86U (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow vulnerability in the cgi function of the ASUS RT-AC86U router's firmware, caused by insufficient validation of network packet header length. This allows a remote attacker with administrator privileges to execute arbitrary system commands, disrupt the system, or terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.