Xuanyu

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 6.1c.1353 B20190305 **Description** A remote file inclusion issue exists in the '/cgi-bin/cstecgi.cgi' endpoint. Manipulation of the `FileName` argument within the `setUploadSetting()` function allows for this flaw to be exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Plugin version 4.1.2cu.5137 **Description** A remote buffer overflow exists in the `setWiFiMultipleConfig()` function within the `/lib/cste modules/wireless.so` library of the `/cgi-bin/cstecgi.cgi` file. This issue occurs when the `wepkey2` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `setWiFiMultipleConfig()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda HG10 HG7 HG9 HG10re 300001138 en xpon (affected versions not specified) **Description** A buffer overflow exists in the Boa Service component within the `formRoute()` function of the `/boaform/formRouting` file. This issue can be triggered remotely by manipulating the `nextHop` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 6.1c.1353 B20190305 **Description** A flaw in the `setUpgradeUboot()` function within the `upgrade.so` file allows for remote OS command injection. This occurs due to improper manipulation of the `FileName` argument, which can be exploited to execute arbitrary operating system commands on the device. **Recommendations** Update Totolink N300RH version 6.1c.1353 B20190305 to a patched version. Isolate affected devices from the network to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Totolink A800R version 4.1.2cu.5137 B20200730 Description A flaw exists in the Totolink A800R version 4.1.2cu.5137 B20200730 due to a buffer overflow in the `setAppEasyWizardConfig` function within the `/lib/cste modules/app.so` library. The `apcliSsid` argument is susceptible to manipulation, leading to the overflow. This issue can be exploited remotely. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH version 6.1c.1353 B20190305 **Description** A security flaw exists in the Totolink N300RH router. The issue is located in the `setWebWlanIdx` function of the `/cgi-bin/cstecgi.cgi` file within the Web Management Interface component. Manipulation of the `webWlanIdx` argument can lead to operating system command injection. The attack can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** For Totolink N300RH version 6.1c.1353 B20190305, temporarily disable the Web Management Interface to prevent remote exploitation of the `setWebWlanIdx` function.

**Name of the Vulnerable Software and Affected Versions** Totolink A7000R version 4.1cu.4154 **Description** A flaw exists in the Totolink A7000R device. The `setUpgradeFW` function within the `/cgi-bin/cstecgi.cgi` file is susceptible to command injection through manipulation of the `FileName` argument. This issue can be exploited remotely. The exploit code has been publicly released, potentially increasing the risk of attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink A7000R version 4.1cu.4154 **Description** A flaw exists in the Totolink A7000R router firmware that allows for remote command injection. The issue resides within the `setUploadUserData` function of the `/cgi-bin/cstecgi.cgi` file. Manipulation of the `FileName` argument can trigger the flaw. The exploit for this issue has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Totolink A7000R version 4.1cu.4154 **Description** A flaw exists in the `setUnloadUserData` function within the `/cgi-bin/cstecgi.cgi` file of the affected product. Manipulation of the `plugin name` argument can lead to command injection. This allows for remote attacks. The exploit is publicly available. **Recommendations** Apply a software update that addresses the vulnerability in the `setUnloadUserData` function. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file. Avoid using the `plugin name` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Totolink A7000R version 4.1cu.4154 **Description** A flaw exists in Totolink A7000R version 4.1cu.4154 that allows for command injection. The issue is located in the `CloudACMunualUpdateUserdata` function within the `/cgi-bin/cstecgi.cgi` file. Manipulation of the `url` argument can trigger the flaw. This attack can be initiated remotely. The exploit has been published. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Tenda AC23 version 16.03.07.52 **Description** A buffer overflow flaw exists in the Tenda AC23 router. The issue is due to the manipulation of the `wpapsk crypto` argument within the `/goform/WifiExtraSet` file. This allows for remote exploitation. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC23 version 16.03.07.52 **Description** A flaw exists in Tenda AC23 version 16.03.07.52 related to a buffer overflow. The issue is located in the `/goform/PowerSaveSet` file and specifically affects the `sscanf` function. Manipulation of the `Time` argument can trigger the overflow. This can be exploited remotely. A public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7400G+ version 19.12.25A1 **Description** A flaw exists in D-Link DI-7400G+ that allows remote command injection. The issue is related to the manipulation of the `cmd` argument in the `/msp info.htm?flag=cmd` file. This affects an unknown function. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC20 versions prior to 16.03.08.12 **Description** A buffer overflow issue exists in Tenda AC20 routers. The issue is located in the `sscanf` function within the `/goform/PowerSaveSet` file. Manipulation of the `powerSavingEn`, `time`, `powerSaveDelay`, and `ledCloseType` arguments can trigger the overflow. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Update Tenda AC20 to a version later than 16.03.08.12. As a temporary workaround, restrict access to the `/goform/PowerSaveSet` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7400G+ version 19.12.25A1 **Description** A security flaw exists in the D-Link DI-7400G+ router. The issue is located in the `sub 478D28` function of the `/mng platform.asp` file. Manipulation of the `addr` argument with the input `echo 12345 > poc.txt` can lead to command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. **Recommendations** As a temporary workaround, consider restricting access to the `/mng platform.asp` file to minimize the risk of exploitation.