Ysnysn

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T10 version 4.1.8cu.5207 **Description** A critical vulnerability was found in the TOTOLINK T10, affecting the function `setWiFiMeshName` of the file `/cgi-bin/cstecgi.cgi` in the component POST Request Handler. The manipulation of the argument `device name` leads to a buffer overflow. This attack can be launched remotely, and the exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider disabling the `setWiFiMeshName` function until a patch is available. Restrict access to the `/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the `device name` argument in the affected POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.02.13 **Description** A critical issue affects the function `formSetIptv` of the file `/goform/SetIPTVCfg` in the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `formSetIptv` function until a patch is available. Restrict access to the `/goform/SetIPTVCfg` endpoint to minimize the risk of exploitation. Avoid using the vulnerable `formSetIptv` function in the POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 version 15.03.05.19 multi **Description** A critical issue affects the function `formSetSafeWanWebMan` of the file `/goform/SetRemoteWebCfg` in the HTTP POST Request Handler component. The manipulation of the `remoteIp` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For Tenda AC15 version 15.03.05.19 multi, as a temporary workaround, consider disabling the `formSetSafeWanWebMan` function until a patch is available. Restrict access to the `/goform/SetRemoteWebCfg` endpoint to minimize the risk of exploitation. Avoid using the `remoteIp` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.