From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Description: - Title: DDNS data is not encrypted - Description: The DDNS client reports data to the server using unencrypted HTTP, making the data susceptible to interception. Any user who obtains the device’s three-code information (MAC, SN, DDNS) can modify the DDNS domain to point to any IP address. 2. Affected Products: - Product List: MT6000/A1300/X300B/AX1800/AXT1800/MT2500/MT3000/XE3000/XE300/E750/X750/SFT1200/AR300M/AR300M16/AR750/AR750S/B1300/MT1300/MT300N-V2/AP1300/B2200/MV1000/MV1000W/USB150/SF1200/N300/S1300 3. Affected Firmware Versions: - Firmware List: - MT6000: 4.5.8, fixed in 4.6.2 - A1300/X300B: 4.5.16, fixed in 4.5.17 - AX1800/AXT1800/MT2500/MT3000: 4.5.16, fixed in 4.6.2 - X3000/XE3000: 4.4.8, fixed in 4.4.9 - XE300: 4.3.16, fixed in 4.3.17 - E750: 4.3.12, fixed in 4.3.17 - X750/SFT1200/AR300M/AR300M16/AR750/AR750S/B1300/MT1300/MT300N-V2: 4.3.11, fixed in 4.3.17 - AP1300: 3.217, fixed in 3.218 - B2200/MV1000/MV1000W/USB150/SF1200/N300/S1300: 3.216, fixed in 3.218 4. Exploitation Method: - Steps: 1. Obtain the device’s three-code information (MAC, SN, DDNS). 2. Capture the device’s HTTP request. 3. Forge the request using an HTTP client tool (e.g., curl). 5. Impact: - After taking control of the DDNS domain, attackers can impersonate legitimate devices or services, conduct phishing attacks, and trick users into disclosing sensitive information or installing malicious software.