Ysnysnysn

Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: A critical vulnerability exists in the Tenda FH1201. The `fromRouteStatic` function within the HTTP POST Request Handler, located in the file `/goform/fromRouteStatic`, is susceptible to a buffer overflow. Manipulation of the `page` argument can trigger this issue, allowing for remote exploitation. The exploit for this vulnerability has been publicly disclosed. Recommendations: Update Tenda FH1201 to a version that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.02.13 **Description** A critical vulnerability has been found in the function `formSetSafeWanWebMan` of the file `/goform/SetRemoteWebCfg` of the component HTTP POST Request Handler. The manipulation of the argument `remoteIp` leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `formSetSafeWanWebMan` function until a patch is available. Restrict access to the `/goform/SetRemoteWebCfg` endpoint to minimize the risk of exploitation. Avoid using the `remoteIp` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T10 version 4.1.8cu.5207 **Description** A critical issue has been found in the TOTOLINK T10, affecting the function `setWiFiAclRules` of the file `/cgi-bin/cstecgi.cgi` of the component POST Request Handler. The manipulation of the argument `desc` leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `setWiFiAclRules` function until a patch is available. Restrict access to the `/cgi-bin/cstecgi.cgi` file to minimize the risk of exploitation. Avoid using the `desc` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 version 15.03.05.19 multi **Description** A critical vulnerability was found in the Tenda AC15 router, affecting the `formsetschedled` function of the file `/goform/SetLEDCf` in the HTTP POST Request Handler component. The manipulation of the `Time` argument leads to a buffer overflow. This issue can be exploited remotely, and the exploit has been publicly disclosed. **Recommendations** For Tenda AC15 version 15.03.05.19 multi, as a temporary workaround, consider disabling the `formsetschedled` function until a patch is available. Restrict access to the `/goform/SetLEDCf` file to minimize the risk of exploitation. Avoid using the `Time` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.