Yeleipeng

**Name of the Vulnerable Software and Affected Versions:** lty628 Aidigu versions up to 1.8.2 **Description:** A critical vulnerability exists in lty628 Aidigu. The issue affects the `checkUserCookie` function within the PHP Object Handler component, located in the `/application/common.php` file. Manipulation of the `rememberMe` argument leads to deserialization, allowing for remote exploitation. The exploit has been publicly disclosed and may be utilized. **Recommendations:** Versions prior to 1.8.2 are affected. Update lty628 Aidigu to a version newer than 1.8.2. As a temporary workaround, restrict access to the `/application/common.php` file. Disable the `rememberMe` functionality if it is not essential.

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl, leading to server-side request forgery. The attack may be initiated remotely. Recommendations: For BoyunCMS versions up to 1.4.20, update to a version later than 1.4.20 to resolve the issue. As a temporary workaround, consider restricting access to the /application/pay/controller/Index.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue has been identified, affecting the file application/update/controller/Server.php. The manipulation of the `phone` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For BoyunCMS versions up to 1.4.20, as a temporary workaround, consider restricting access to the `Server.php` file in the `application/update/controller` directory to minimize the risk of exploitation. Avoid using the `phone` argument in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue affects the Configuration File Handler component, specifically an unknown part of the /install/install ok.php file. The manipulation of the `db pass` argument leads to code injection. This issue can be exploited remotely. Recommendations: For BoyunCMS versions up to 1.4.20, update to a version later than 1.4.20 to resolve the issue. As a temporary workaround, consider restricting access to the /install/install ok.php file to minimize the risk of exploitation. Avoid using the `db pass` argument in the affected Configuration File Handler component until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue affects some unknown functionality of the file /application/user/controller/Index.php, where the manipulation of the `image` argument leads to unrestricted upload. This issue can be exploited remotely. Recommendations: For BoyunCMS versions up to 1.4.20, as a temporary workaround, consider restricting access to the /application/user/controller/Index.php file to minimize the risk of exploitation. Avoid using the `image` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.21 Description: A critical issue has been found in the Installation Handler component, specifically in the file install/install2.php. The manipulation of the `db host` argument leads to deserialization. This issue can be exploited remotely, but the complexity of an attack is rather high, making exploitation difficult. Recommendations: For BoyunCMS versions up to 1.21, update to a version that fixes this issue, as the current version is affected by a critical vulnerability in the Installation Handler component.

Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11 Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the `eval` function of the file `public/assets/less/bootstrap-less/mixins/head.php`. The manipulation of the `payload` argument leads to a backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For Conjure Position Department Service Quality Evaluation System versions up to 1.0.11, consider disabling the `eval` function in the `public/assets/less/bootstrap-less/mixins/head.php` file as a temporary workaround until a patch is available. Restrict access to the `public/assets/less/bootstrap-less/mixins/head.php` file to minimize the risk of exploitation. Avoid using the `payload` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU versions 3.0.0-B20230809.1615 through 4.0.0-B20230531.1404 Description: A critical vulnerability has been found in the HTTP POST Request Handler of the affected devices. The issue is related to the manipulation of the `submit-url` argument, which leads to a buffer overflow. This can be exploited remotely. The exploit has been disclosed to the public. Recommendations: For versions 3.0.0-B20230809.1615 through 4.0.0-B20230531.1404, consider disabling the HTTP POST Request Handler or restricting access to the `/boafrm/formTmultiAP` file until a patch is available. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting an unknown function of the file /boafrm/formTmultiAP. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler or restricting access to the /boafrm/formTmultiAP file until a patch is available. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002R version 4.0.0-B20230531.1404 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the /boafrm/formMultiAP file. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider restricting access to the HTTP POST Request Handler component, specifically the /boafrm/formMultiAP file, to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713 TOTOLINK A3002R versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713 TOTOLINK A3002RU versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713 TOTOLINK EX1200T versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713 Description: A critical issue has been found in the HTTP POST Request Handler component of the affected devices. The problem lies in an unknown function of the file /boafrm/formIPv6Addr, where the manipulation of the `submit-url` argument leads to a buffer overflow. This can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For TOTOLINK A702R versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713, restrict access to the /boafrm/formIPv6Addr file to minimize the risk of exploitation. For TOTOLINK A3002R versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713, avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. For TOTOLINK A3002RU versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713, consider disabling the HTTP POST Request Handler component temporarily as a workaround. For TOTOLINK EX1200T versions 3.0.0-B20230809.1615 through 4.1.2cu.5232 B20210713, as a temporary mitigation measure, limit remote access to the device until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical vulnerability was found in the HTTP POST Request Handler of TOTOLINK X15. The issue affects unknown code of the file /boafrm/formTmultiAP. The manipulation of the `submit-url` argument leads to a buffer overflow. This can be initiated remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formTmultiAP file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical vulnerability was found in the TOTOLINK EX1200T, affecting an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formNtp file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical vulnerability was found in the TOTOLINK EX1200T, affecting some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the /boafrm/formSysLog endpoint until a patch is available. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical vulnerability has been found in the TOTOLINK EX1200T router's embedded boa server, specifically in the /boafrm/formSysCmd file. This issue is related to a buffer overflow in memory, which can be exploited by sending a specially crafted POST request. The manipulation of the `submit-url` argument leads to this buffer overflow. The attack can be launched remotely, potentially affecting the confidentiality, integrity, and availability of protected information. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, as a temporary workaround, consider disabling the /boafrm/formSysCmd endpoint until a patch is available. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue has been discovered, affecting the HTTP POST Request Handler component, specifically the /boafrm/formPortFw file. The manipulation of the `service type` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the HTTP POST Request Handler component, specifically the /boafrm/formPortFw file, to minimize the risk of exploitation. Avoid using the `service type` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical vulnerability was found in the HTTP POST Request Handler component, specifically affecting the file /boafrm/formIpQoS. The manipulation of the `mac` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the /boafrm/formIpQoS file to minimize the risk of exploitation. Avoid using the `mac` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X15 version 1.0.0-B20230714.1105 **Description** A critical issue affects some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to buffer overflow. The attack may be launched remotely. **Recommendations** For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.