Zichuan Li

**Name of the Vulnerable Software and Affected Versions** Phoenix SecureCore for Intel Gemini Lake versions 4.1.0.1 through 4.1.0.566 **Description** The issue is related to a potential buffer overflow in unsafe UEFI variable handling. **Recommendations** For Phoenix SecureCore for Intel Gemini Lake versions 4.1.0.1 through 4.1.0.566, update to version 4.1.0.567 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Acer Aspire E5-475G (affected versions not specified) **Description** The issue concerns a stack overflow vulnerability in the BIOS firmware of the affected device. Specifically, it is located in the FpGui module. A local attacker can exploit this by making a second call to GetVariable services, allowing them to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acer Altos W2000h-W570h F4 version R01.03.0018 **Description** A stack overflow was discovered in the RevserveMem component, allowing attackers to cause a Denial of Service (DoS) by injecting crafted shellcode into the `NVRAM` variable. **Recommendations** For Acer Altos W2000h-W570h F4 version R01.03.0018, as a temporary workaround, consider restricting access to the RevserveMem component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Acer Altos T110 F3 firmware version <= P13 Acer AP130 F2 firmware version <= P04 Acer Aspire 1600X firmware version <= P11.A3L Acer Aspire 1602M firmware version <= P11.A3L Acer Aspire 7600U firmware version <= P11.A4 Acer Aspire MC605 firmware version <= P11.A4L Acer Aspire TC-105 firmware version <= P12.B0L Acer Aspire TC-120 firmware version <= P11-A4 Acer Aspire U5-620 firmware version <= P11.A1 Acer Aspire X1935 firmware version <= P11.A3L Acer Aspire X3475 firmware version <= P11.A3L Acer Aspire X3995 firmware version <= P11.A3L Acer Aspire XC100 firmware version <= P11.B3 Acer Aspire XC600 firmware version <= P11.A4 Acer Aspire Z3-615 firmware version <= P11.A2L Acer Veriton E430G firmware version <= P21.A1 Acer Veriton B630 49 firmware version <= AAP02SR Acer Veriton E430 firmware version <= P11.A4 Acer Veriton M2110G firmware version <= P21.A3 Acer Veriton M2120G firmware version <= (no version specified) **Description** The issue is related to a stack buffer overflow vulnerability in the UEFI DXE driver on some Acer products. This vulnerability could lead to arbitrary code execution, allowing an attacker to escalate privilege from ring 3 to ring 0 and hijack control flow during UEFI DXE execution. **Recommendations** For Acer Altos T110 F3 firmware version <= P13, update to a version higher than P13. For Acer AP130 F2 firmware version <= P04, update to a version higher than P04. For Acer Aspire 1600X firmware version <= P11.A3L, update to a version higher than P11.A3L. For Acer Aspire 1602M firmware version <= P11.A3L, update to a version higher than P11.A3L. For Acer Aspire 7600U firmware version <= P11.A4, update to a version higher than P11.A4. For Acer Aspire MC605 firmware version <= P11.A4L, update to a version higher than P11.A4L. For Acer Aspire TC-105 firmware version <= P12.B0L, update to a version higher than P12.B0L. For Acer Aspire TC-120 firmware version <= P11-A4, update to a version higher than P11-A4. For Acer Aspire U5-620 firmware version <= P11.A1, update to a version higher than P11.A1. For Acer Aspire X1935 firmware version <= P11.A3L, update to a version higher than P11.A3L. For Acer Aspire X3475 firmware version <= P11.A3L, update to a version higher than P11.A3L. For Acer Aspire X3995 firmware version <= P11.A3L, update to a version higher than P11.A3L. For Acer Aspire XC100 firmware version <= P11.B3, update to a version higher than P11.B3. For Acer Aspire XC600 firmware version <= P11.A4, update to a version higher than P11.A4. For Acer Aspire Z3-615 firmware version <= P11.A2L, update to a version higher than P11.A2L. For Acer Veriton E430G firmware version <= P21.A1, update to a version higher than P21.A1. For Acer Veriton B630 49 firmware version <= AAP02SR, update to a version higher than AAP02SR. For Acer Veriton E430 firmware version <= P11.A4, update to a version higher than P11.A4. For Acer Veriton M2110G firmware version <= P21.A3, update to a version higher than P21.A3. For Acer Veriton M2120G, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 **Description** A command injection issue was found in the `/sbin/acos service` binary, allowing remote authenticated attackers to modify values in a vulnerable parameter. This could potentially lead to unauthorized changes. **Recommendations** For Netgear R6200 v2 firmware through R6200v2-V1.0.3.12, consider restricting access to the `/sbin/acos service` binary until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6200 V2 versions through R6200v2-V1.0.3.12 10.1.11 NETGEAR R6300 V2 versions through R6300v2-V1.0.4.52 10.0.93 **Description** The issue allows remote authenticated attackers to execute arbitrary commands via shell metacharacters in the `ipv6 fix.cgi` parameters, specifically `ipv6 wan ipaddr`, `ipv6 lan ipaddr`, `ipv6 wan length`, or `ipv6 lan length`. **Recommendations** For NETGEAR R6200 V2 versions through R6200v2-V1.0.3.12 10.1.11, update to a version later than R6200v2-V1.0.3.12 10.1.11 to resolve the issue. For NETGEAR R6300 V2 versions through R6300v2-V1.0.4.52 10.0.93, update to a version later than R6300v2-V1.0.4.52 10.0.93 to resolve the issue. As a temporary workaround, consider restricting access to the `ipv6 fix.cgi` endpoint until a patch is available. Avoid using the parameters `ipv6 wan ipaddr`, `ipv6 lan ipaddr`, `ipv6 wan length`, or `ipv6 lan length` in the affected endpoint until the issue is resolved.