Yhryhryhr_Tu

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formPPPoESetup()` function located in the '/goform/formPPPoESetup' endpoint when the `pppUserName` argument is manipulated. A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially leading to system instability or unauthorized code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formL2TPSetup()` function located in the '/goform/formL2TPSetup' endpoint when the `L2TPUserName` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formPPTPSetup()` function located in the '/goform/formPPTPSetup' endpoint when manipulating the `pptpUserName` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** Command injection is possible via the POST Request Handler component. The issue exists in the `formWlanMP()` function within the '/goform/formWlanMP' endpoint. A remote attacker can trigger this by manipulating several arguments, including `ateFunc`, `ateGain`, `ateRate`, `ateChan`, `ateTxCount`, `e2pTx2Power1`, `e2pTx2Power2`, `e2pTx2Power3`, `e2pTx2Power4`, `e2pTx2Power5`, `e2pTx2Power6`, `e2pTx2Power7`, `e2pTxPower1`, `e2pTxPower2`, `e2pTxPower3`, `e2pTxPower4`, `e2pTxPower5`, `e2pTxPower6`, `e2pTxPower7`, `ateTxFreqOffset`, `ateMode`, `ateMacID`, `ateBW`, `ateAntenna`, `e2pTxFreqOffset`, `e2pTxPwDeltaB`, `e2pTxPwDeltaG`, `e2pTxPwDeltaMix`, `readE2P`, and `e2pTxPwDeltaN`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/formWlanMP' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formWanTcpipSetup()` function located in the '/goform/formWanTcpipSetup' endpoint when the `pppUserName` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the `formsetPPPoE()` function located in the '/goform/formsetPPPoE' endpoint when the `pppUserName` argument is manipulated. A buffer overflow occurs when a program writes more data to a block of memory, or buffer, than it is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/formsetPPPoE' endpoint or avoid using the `pppUserName` parameter until a resolution is provided.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the `formUSBStorage()` function located in the '/goform/formUSBStorage' endpoint. An attacker can trigger this by manipulating the `sub dir` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the `formWlSiteSurvey()` function within the '/goform/formWlSiteSurvey' endpoint when manipulating the `selSSID` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6675nD version 1.12 **Description** A security flaw exists in the POST Request Handler component. A remote attacker can perform command injection by manipulating the `command` argument within the `mp()` function of the '/goform/mp' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink NR1800X version 9.1.0u.6279 B20210910 **Description** A flaw exists in Totolink NR1800X version 9.1.0u.6279 B20210910 that allows for command injection. The issue is located within the `setWanCfg` function of the `/cgi-bin/cstecgi.cgi` file, specifically in the POST Request Handler component. Manipulation of the `Hostname` argument can lead to unauthorized command execution. This attack can be initiated remotely, and an exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink LR350 version 9.3.5u.6369 B20220309 **Description** A security flaw exists in Totolink LR350. The issue affects the `setWizardCfg` function within the `/cgi-bin/cstecgi.cgi` file, specifically in the POST Request Handler component. Manipulation of the `ssid` argument can lead to a buffer overflow. This attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Totolink LR350 version 9.3.5u.6369 B20220309: As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3300R version 17.0.0cu.557 B20221024 **Description** A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the `setLanguageCfg` function located in the `/cgi-bin/cstecgi.cgi` file, specifically in the POST Parameter Handler component. Manipulation of the `lang` argument triggers this overflow. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda O3 version 1.0.0.10(2478) **Description** A security flaw exists in Tenda O3 version 1.0.0.10(2478). The issue is related to the `SetValue`/`GetValue` function within the `/goform/setDmzInfo` file. Manipulation of the `dmzIP` argument can lead to a stack-based buffer overflow. Remote exploitation is possible. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 **Description** A stack-based buffer overflow exists in Tenda AC7 routers. The issue is located in an unknown function within the `/goform/saveAutoQos` file. Exploitation occurs through manipulation of the `enable` argument, potentially allowing for remote code execution. A publicly available exploit exists. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 version 15.03.05.18 **Description** A buffer overflow can occur due to the manipulation of the `ddnsEn` argument within a POST request to the `/goform/SetDDNSCfg` file. This impacts an unknown function of the POST Parameter Handler component. The issue is remotely exploitable. An exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC18 version 15.03.05.19(6318) **Description** A weakness exists in Tenda AC18 version 15.03.05.19(6318). Manipulation of the `wifi chkHz` argument in the file '/goform/WifiMacFilterSet' can lead to a stack-based buffer overflow. This issue can be exploited remotely, and an exploit has been made publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the file '/goform/WifiMacFilterSet' to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47 Description: A critical issue was found in the file /goform/SetSysTimeCfg, where the manipulation of the `time/timeZone` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. Recommendations: For Tenda AC5 version 15.03.06.47, as a temporary workaround, consider restricting access to the /goform/SetSysTimeCfg endpoint to minimize the risk of exploitation. Avoid using the `time/timeZone` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1205 version 2.0.0.7 **Description** A critical vulnerability has been found in Tenda FH1205, affecting the function `fromadvsetlanip` of the file `/goform/AdvSetLanip`. The manipulation of the argument `lanMask` leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tenda FH1205 version 2.0.0.7, as a temporary workaround, consider disabling the `fromadvsetlanip` function until a patch is available. Restrict access to the `/goform/AdvSetLanip` file to minimize the risk of exploitation. Avoid using the `lanMask` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1201 version 1.2.0.14(408) **Description** A critical vulnerability has been found in Tenda FH1201. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the `page` argument leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling access to the `/goform/SafeMacFilter` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `page` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 15.03.05.16 **Description** A critical vulnerability was found in the function `formSetSafeWanWebMan` of the file `/goform/SetRemoteWebCfg`. The manipulation of the argument `remoteIp` leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `formSetSafeWanWebMan` function until a patch is available. Restrict access to the `/goform/SetRemoteWebCfg` file to minimize the risk of exploitation. Avoid using the `remoteIp` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.