Zhouziyi1

**Name of the Vulnerable Software and Affected Versions** Boohee Health version 13.0.13 **Description** The issue allows attackers to access sensitive user information by supplying a crafted link. **Recommendations** For version 13.0.13, update to a newer version that contains a fix for this issue to prevent attackers from accessing sensitive user information via crafted links.

**Name of the Vulnerable Software and Affected Versions** Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS version 7.70.0 **Description** The issue allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For version 7.70.0, consider avoiding the use of crafted links until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tencent Technology (Shanghai) Co., Ltd WeSing iOS version 9.3.39 **Description** An issue in WeSing iOS allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For version 9.3.39, avoid using links from untrusted sources until a patch is available. As a temporary workaround, consider restricting access to sensitive user information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BeautyPlus iOS version 7.8.010 **Description** The issue allows attackers to access sensitive user information by supplying a crafted link. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For BeautyPlus iOS version 7.8.010, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are mentioned. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shuqi Novel iOS version 5.3.8 **Description** The issue allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For Shuqi Novel iOS version 5.3.8, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Midea Home version 9.3.12 **Description** The issue allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For version 9.3.12, consider avoiding the use of crafted links until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KuGou Concept iOS version 4.0.61 **Description** An issue in KuGou Concept iOS allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For KuGou Concept iOS version 4.0.61, consider restricting access to sensitive user information until a patch is available. As a temporary workaround, avoid using crafted links in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Baidu Lite version 6.40.0 **Description** The issue allows attackers to access user information by supplying a crafted link. **Recommendations** For version 6.40.0, consider avoiding the use of links from untrusted sources until a patch is available. As a temporary workaround, restrict access to sensitive user information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS version 1.3.50 **Description** The issue allows attackers to access sensitive user information via supplying a crafted link. **Recommendations** For Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS version 1.3.50, consider avoiding the use of crafted links until a patch is available. As a temporary workaround, restrict access to sensitive user information to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1 Description: A buffer overflow issue in the /bin/boa binary via the formWlanGuestSetup function allows remote authenticated users to trigger a denial of service (DoS) through the `webpage` parameter. This vulnerability is related to a buffer overflow operation in the memory of the D-Link DIR-619L router's firmware. Recommendations: For D-Link DIR-619L Rev.B version 2.06B1, consider restricting access to the formWlanGuestSetup function and the `webpage` parameter in the /bin/boa binary to minimize the risk of exploitation. As a temporary workaround, avoid using the `webpage` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L Rev.B version 2.06B1 **Description** The issue is related to a buffer overflow vulnerability in the /bin/boa component of the D-Link DIR-619L Rev.B router, specifically via the "goform/formWPS" endpoint, where the `webpage` parameter is involved. This vulnerability can be exploited by remote authenticated users to trigger a denial of service (DoS). The vulnerability is also associated with incorrect clearing or release of resources, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For D-Link DIR-619L Rev.B version 2.06B1, consider disabling access to the "goform/formWPS" endpoint as a temporary workaround until a patch is available. Restrict access to the `/bin/boa` component to minimize the risk of exploitation. Avoid using the `webpage` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1 Description: A buffer overflow issue in the /bin/boa via formTcpipSetup function of the D-Link DIR-619L router's firmware allows remote authenticated users to trigger a denial of service (DoS) through the `curTime` parameter. This vulnerability can be exploited by a remote attacker to cause a denial of service. Recommendations: For D-Link DIR-619L Rev.B version 2.06B1, consider restricting access to the formTcpipSetup function until a patch is available. As a temporary workaround, avoid using the `curTime` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L versions 2.06B1 Description: The issue is related to a buffer overflow in the formWlanSetup Wizard function of the D-Link DIR-619L router's firmware. This can be exploited by a remote attacker to cause a denial of service using the `webpage` parameter in the /bin/boa endpoint. Recommendations: For version 2.06B1, consider disabling the formWlanSetup Wizard function as a temporary workaround until a patch is available. Restrict access to the /bin/boa endpoint to minimize the risk of exploitation. Avoid using the `webpage` parameter in the affected endpoint until the issue is resolved.