Name of the Vulnerable Software and Affected Versions:

Realtek rtl819x Jungle SDK version 3.4.11

Description:

Three os command injection vulnerabilities exist in the boa formWsc functionality. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `targetAPSsid` request's parameter.

Recommendations:

For Realtek rtl819x Jungle SDK version 3.4.11, consider disabling the boa formWsc functionality until a patch is available. Restrict access to the `targetAPSsid` request parameter to minimize the risk of exploitation. Avoid using the `targetAPSsid` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.