Zheng

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7001 MINI versions prior to 19.09.19A1 **Description** A stack-based buffer overflow occurs in the API component within the `sprintf()` function of the '/httpd debug.asp' endpoint. This issue is triggered by the manipulation of the `Time` argument and can be exploited remotely. **Recommendations** Update to a version later than 19.09.19A1. As a temporary workaround, restrict access to the '/httpd debug.asp' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8400 versions prior to 16.07.26A1 **Description** A stack-based buffer overflow occurs in an unknown function within the '/dbsrv.asp' endpoint. This issue is triggered by manipulating the `str` argument, allowing for remote exploitation. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.