Xuewei Feng

**Name of the Vulnerable Software and Affected Versions** FreeBSD (affected versions not specified) **Description** The `ptrace(PT SC REMOTE)` function failed to properly validate parameters for the `syscall(2)` and ` syscall(2)` meta-system calls. This allows a user with debugging capabilities to trigger arbitrary code execution in the kernel, regardless of the target process's privileges. An unprivileged local user can exploit this to escalate privileges and potentially gain full control of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version 16.03.49.18 cn+ **Description** The issue allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. **Recommendations** For Tenda AX12 version 16.03.49.18 cn+, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Redmi router RB03 version 1.0.57 **Description** The issue allows an attacker in the same WLAN as the victim to hijack traffic between the victim and any remote server by sending forged ICMP redirect messages. This can be exploited by an attacker in the same wireless network. **Recommendations** For Redmi router RB03 version 1.0.57, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Redmi router RB03 version 1.0.57 **Description** The issue allows an attacker in the same WLAN as the victim to disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. This can lead to TCP DoS or hijacking attacks. **Recommendations** For Redmi router RB03 version 1.0.57, consider restricting access to the WLAN network to minimize the risk of exploitation until a patch is available. As a temporary workaround, implement additional security measures to monitor and filter out forged TCP RST messages.

Name of the Vulnerable Software and Affected Versions: TP-LINK TL-7DR5130 version 1.0.23 Description: The issue is related to the mechanism of transmitting routing information to hosts via ICMP Redirect in the TP-LINK TL-7DR5130 wireless router's firmware. It is associated with insufficient verification of the communication channel source. An attacker in the same WLAN as the victim can exploit this by sending specially crafted ICMP messages to hijack the traffic between the victim and any remote server. Recommendations: For TP-LINK TL-7DR5130 version 1.0.23, consider restricting access to the network to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of ICMP redirect messages could help mitigate the issue. However, specific steps for this action are not provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TP-LINK TL-7DR5130 version 1.0.23 Description: The issue is related to insufficient validation of the communication channel source, which can be exploited by an attacker to perform a TCP Reset attack. This can be done by sending specially crafted RST messages to a remote server, potentially allowing the attacker to disconnect or hijack the traffic between the victim and the server. An attacker in the same WLAN as the victim can exploit this by sending forged TCP RST messages to evict NAT mappings in the router. Recommendations: For TP-LINK TL-7DR5130 version 1.0.23, consider restricting access to port 50005 as a temporary workaround to minimize the risk of exploitation. Additionally, avoid using the router's WLAN functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C Magic R365 (affected versions not specified) H3C Magic R100 (affected versions not specified) **Description** An issue in the routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** For H3C Magic R365, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For H3C Magic R100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenWrt versions 18.06 through 22.03 and beyond **Description** An issue in OpenWrt allows off-path attackers to hijack TCP sessions. This could lead to a denial of service, impersonating the client to the server, and impersonating the server to the client, potentially allowing access to sensitive information. The issue occurs because `nf conntrack tcp no window check` is true by default. **Recommendations** For OpenWrt versions 18.06 through 22.03 and beyond, consider setting `nf conntrack tcp no window check` to false to mitigate the risk of TCP session hijacking. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 360 V6G (affected versions not specified) 360 T5G (affected versions not specified) 360 T6M (affected versions not specified) 360 P1 (affected versions not specified) **Description** An issue in the routers allows attackers to hijack TCP sessions, which could lead to a denial of service. **Recommendations** For 360 V6G, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For 360 T5G, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For 360 T6M, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For 360 P1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7003GV2 (affected versions not specified) **Description** The issue allows attackers to hijack TCP sessions, potentially leading to a denial of service. It is related to incorrect clearance or release of resources, which can be exploited by a remote attacker to cause a denial of service by intercepting a TCP/IP session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wavlink QUANTUM D2G routers (affected versions not specified) **Description** An issue in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E5600 (affected versions not specified) **Description** An issue in Linksys E5600 routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mercury x30g (affected versions not specified) Mercury YR1800XG (affected versions not specified) **Description** An issue in the routers allows attackers to hijack TCP sessions, which could lead to a denial of service. **Recommendations** For Mercury x30g, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Mercury YR1800XG, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-LINK TL-R473GP-AC TP-LINK XDR6020 TP-LINK TL-R479GP-AC TP-LINK TL-R4239G TP-LINK TL-WAR1200L TP-LINK TL-R476G **Description** An issue in the listed TP-LINK routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** For TP-LINK TL-R473GP-AC, update to a version that addresses the TCP session hijacking issue. For TP-LINK XDR6020, update to a version that addresses the TCP session hijacking issue. For TP-LINK TL-R479GP-AC, update to a version that addresses the TCP session hijacking issue. For TP-LINK TL-R4239G, update to a version that addresses the TCP session hijacking issue. For TP-LINK TL-WAR1200L, update to a version that addresses the TCP session hijacking issue. For TP-LINK TL-R476G, update to a version that addresses the TCP session hijacking issue.

**Name of the Vulnerable Software and Affected Versions** Ruijie EG210G-P (affected versions not specified) Ruijie EG105G-V2 (affected versions not specified) Ruijie NBR (affected versions not specified) Ruijie EG105G (affected versions not specified) **Description** An issue in the mentioned Ruijie routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** For Ruijie EG210G-P, update to a version that addresses the TCP session hijacking issue. For Ruijie EG105G-V2, update to a version that addresses the TCP session hijacking issue. For Ruijie NBR, update to a version that addresses the TCP session hijacking issue. For Ruijie EG105G, update to a version that addresses the TCP session hijacking issue.

**Name of the Vulnerable Software and Affected Versions** Comfast CF-616AC (affected versions not specified) **Description** An issue in Comfast CF-616AC routers allows attackers to hijack TCP sessions, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8 FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6 FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1 **Description** The pf(4) packet filter in FreeBSD incorrectly validates TCP sequence numbers, which could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. This issue is related to improper access control in the packet filter component. **Recommendations** For FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8, update to 12.4-RELEASE-p9 or later. For FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6, update to 13.2-RELEASE-p7 or later. For FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1, update to 14.0-RELEASE-p2 or later. As a temporary workaround, consider restricting access to the pf(4) packet filter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco versions (affected versions not specified) NetGear versions (affected versions not specified) Mercury versions (affected versions not specified) Huawei versions (affected versions not specified) TP-Link versions (affected versions not specified) H3C versions (affected versions not specified) Tenda versions (affected versions not specified) Ruijie versions (affected versions not specified) Snapdragon Wired Infrastructure and Networking versions (affected versions not specified) **Description** The issue is related to the improper handling of ICMP requests, which can lead to information disclosure. It is also associated with the lack of proper filtering of fake ICMP messages, allowing a remote attacker to implement a spoofing attack. Additionally, the vulnerability can be exploited to intercept traffic in wireless networks protected by WPA, WPA2, and WPA3 protocols by manipulating ICMP packets with the "redirect" flag. **Recommendations** For all affected versions, consider disabling the handling of ICMP requests with the "redirect" flag as a temporary workaround until a patch is available. Restrict access to the vulnerable kernel module to minimize the risk of exploitation. Avoid using the `ICMP` protocol in sensitive network operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.