Public Security Advisories
Coordinated vulnerability disclosures from Argus. Findings, impact, and remediation, published in good faith.
An unchecked copy length derived from parsed network input causes a stack out-of-bounds write in the wlscan ASP handler.
A non-atomic stat/unlink/fopen sequence on a fixed path in /var/tmp is exploitable via symlink substitution.
Error sentinel values from web_read are propagated as unsigned size arguments to f_write, enabling oversized memory operations.
Attacker-controlled filename input reaches fopen and unlink calls without canonicalization or directory confinement.
User-controlled CGI parameters and request-derived buffers are embedded into shell command strings and executed without sanitization.
A hardcoded default admin password literal is embedded in the binary and used in authentication comparisons.
Captive portal credentials are written to syslog in plaintext on authentication failure.
// No embargoed advisories.