SUSE-FU-2026:21232-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...

TOTOLINK A720R Stack Buffer Overflow Vulnerability

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...

CVE-2025-60683

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary, specifically in the sub40BFA4 function that handles network interface reinitialization from '/var/system/linuxvlanreinit'. Input is only partially validated by checking...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

EUVD-2025-175376

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

EUVD-2025-175311

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...

CVE-2025-60683

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary, specifically in the sub40BFA4 function that handles network interface reinitialization from '/var/system/linuxvlanreinit'. Input is only partially validated by checking...

CVE-2025-60685

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...

CVE-2025-60671

CVE-2025-60671 affects the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin, via command injection in timelycheck and sysconf processing /var/system/linux_vlan_reinit. Root cause: content read from that file is only partially validated for a prefix and then formatted with vsnprintf(...

PT-2025-46879

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G router firmware version DIR823G V1.0.2B05 20181207.bin Description A command injection issue exists in the D-Link DIR-823G router firmware. The timelycheck and sysconf binaries process the /var/system/linux vlan reinit file. Th...

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a command injection vulnerability that stems from the failure of timelycheck and sysconf binari...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

PT-2025-46844

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614 B20230630 within the sysconf binary, specifically in the sub 40BFA4 function that handles network interface reinitialization from '/var/system/linux vlan reinit'. Input is only partially validated by...

CVE-2025-60675

CVE-2025-60675 affects D-Link DIR-823G router (firmware DIR823G_V1.0.2B05_20181207.bin). The vulnerability is in the timelycheck and sysconf binaries that parse /tmp/new_qos.rule; fields are concatenated into command strings and executed via system() without sanitization. An attacker with write a...

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

PT-2025-46888

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G V1.0.2B05 20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenat...

TOTOLINK A720R 安全漏洞

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...