Xuhsy

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-868L version 110b03 **Description** A flaw exists in the SSDP Service component, specifically within the `sub 1BF84` function, of the D-Link DIR-868L. Manipulation of the `ST` argument can lead to operating system command injection. This issue is remotely exploitable. The exploit has been published. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810G versions up to 1.7.7-171114 **Description** A buffer overflow issue exists in UTT HiPER 810G due to the manipulation of the `except` argument within the `strcpy` function located in the file `/goform/formP2PLimitConfig`. Remote exploitation is possible. The exploit is publicly available. **Recommendations** Versions prior to 1.7.7-171114 should be updated. As a temporary workaround, consider restricting access to the file `/goform/formP2PLimitConfig` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 810G versions up to 1.7.7-171114 **Description** A buffer overflow issue exists in UTT HiPER 810G. The problem is located in the `strcpy` function within the `/goform/formPolicyRouteConf` file. Manipulation of the `GroupName` argument can trigger the overflow. This can be exploited remotely. **Recommendations** Versions prior to 1.7.7-171114 should be updated. As a temporary workaround, consider restricting access to the `/goform/formPolicyRouteConf` file to minimize the risk of exploitation. Avoid manipulating the `GroupName` argument.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 versions prior to 15.13.07.14 **Description** A security issue exists in the `TextEditingConversion()` function of Tenda AC15 routers. The issue is a stack-based buffer overflow that occurs when processing the `wpapsk crypto2 4g` parameter within the file `/goform/TextEditingConversion`. This allows for remote attacks. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 15.13.07.14 should be updated. As a temporary workaround, consider restricting access to the `/goform/TextEditingConversion` file to minimize the risk of exploitation. Avoid using the `wpapsk crypto2 4g` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10 version 16.03.10.13 **Description** A critical vulnerability exists in Tenda AC10 version 16.03.10.13. The issue is a heap-based buffer overflow triggered by manipulating the `device1D` argument in the `/goform/RequestsProcessLaid` file. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.