Author: Ameeba

Overview

A critical vulnerability, designated as CVE-2025-5912, has been identified in D-Link DIR-632 FW103B08. This vulnerability carries significant weight as it affects the function do_file of the HTTP POST Request Handler component. The exploitation of this vulnerability could potentially lead to a system compromise or data leakage, making it a matter of grave concern for the cybersecurity community. It is particularly alarming because the exploit is publicly disclosed and may be used, and it affects products no longer supported by the maintainer, which means they are unlikely to receive patches or updates.

Vulnerability Summary

CVE ID: CVE-2025-5912
Severity: Critical (CVSS score 8.8)
Attack Vector: Network (Remote)
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

D-Link DIR-632 FW103B08 | All versions

How the Exploit Works

The vulnerability lies in the function do_file within the HTTP POST Request Handler of the D-Link DIR-632 router firmware. An attacker can remotely send a maliciously crafted HTTP POST request to this function, causing a stack-based buffer overflow. This occurrence can lead to arbitrary code execution on the device, resulting in a system compromise. Given that the exploit can be initiated remotely and without any user interaction, this vulnerability presents a significant security risk.

Conceptual Example Code

Here is a conceptual example of an HTTP POST request that could potentially exploit this vulnerability:

POST /do_file HTTP/1.1
Host: vulnerable.router.ip
Content-Type: application/octet-stream
{ "malicious_payload": "OVERFLOWING_DATA" }

In this example, the “malicious_payload” contains data that exceeds the buffer’s capacity, causing a buffer overflow. The overflowing data may contain malicious instructions that the system executes unknowingly.

Mitigation

Given that the affected products are no longer supported by the maintainer, the primary course of action to mitigate this vulnerability is to apply any available vendor patches. If no patches are available, it is recommended to use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) as temporary mitigation. Users are also advised to replace the affected devices with those that are currently supported and receiving security updates.

Overview

The cybersecurity community has identified a vulnerability in the “RH – Real Estate WordPress Theme”, a popular theme for WordPress sites. This theme is widely used across real estate websites, and its vulnerability could potentially impact numerous users and website owners. The identified vulnerability enables privilege escalation, allowing attackers with minimal access to gain administrator rights, potentially compromising systems or causing data leakage. Given the severity of this vulnerability, it is critical for users and system administrators to understand its implications and take appropriate mitigation steps.

Vulnerability Summary

CVE ID: CVE-2025-4601
Severity: High (8.8 CVSS score)
Attack Vector: Network
Privileges Required: Low (Subscriber-level access)
User Interaction: Required
Impact: System Compromise and Potential Data Leakage

Affected Products

Product | Affected Versions

RH – Real Estate WordPress Theme | Up to and including 4.4.0

How the Exploit Works

The vulnerability lies in the inspiry_update_profile() function of the theme. This function does not properly restrict the user roles that can be updated. Consequently, an attacker with subscriber-level access can exploit this weakness to assign themselves an administrator role. With administrator rights, the attacker can then execute actions that could lead to system compromise or data leakage.

Conceptual Example Code

Here is a conceptual example of how this vulnerability might be exploited. This pseudocode illustrates how an attacker might send a POST request to change their user role to ‘administrator.

POST /wp-admin/profile.php HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
username=attacker&role=administrator&password=secret

In the above pseudocode, ‘attacker’ is the username of the attacker, ‘administrator’ is the role they wish to escalate to, and ‘secret’ is their password.

Solution and Mitigations

The vulnerability was fully patched in version 4.4.1 of the RH – Real Estate WordPress Theme. Users are advised to update their theme to this version or a later one. If an immediate update is not possible, using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can serve as a temporary mitigation measure. These can help detect and prevent exploitation attempts while the system is still vulnerable.

Overview

The vulnerability we are discussing today, CVE-2025-4387, has been discovered in the Abandoned Cart Pro for WooCommerce plugin. Effectively, it provides a backdoor to attackers wanting to compromise a site’s server and execute potentially harmful code. Anyone using versions up to, and including, 9.16.0 of this plugin is affected by this vulnerability.
Given the popularity of WooCommerce as an ecommerce platform, this vulnerability could potentially impact a significant number of online businesses. The severity of this issue is further heightened by the fact that even an attacker with only subscriber-level access can exploit this vulnerability, leading to potential system compromise or data leakage.

Vulnerability Summary

CVE ID: CVE-2025-4387
Severity: High (CVSS score of 8.8)
Attack Vector: Authenticated Arbitrary File Upload
Privileges Required: Subscriber-level Access
User Interaction: Required
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

Abandoned Cart Pro for WooCommerce |

How the Exploit Works

The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function. This means that a user with subscriber-level access or above can upload arbitrary files on the server where the plugin is installed. Once uploaded, these files could potentially be executed either remotely or locally depending on the server configuration, thus leading to a system compromise or data leakage.

Conceptual Example Code

Here’s an example of how an attacker might exploit this vulnerability by sending a POST request to the server with a crafted JSON payload containing the malicious file:

POST /upload_file HTTP/1.1
Host: target.example.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="malicious.php"
Content-Type: application/x-php
[...malicious PHP code...]
------WebKitFormBoundary7MA4YWxkTrZu0gW--

Please note this is a simplified example and actual attack vectors could vary based on the server configuration and security measures in place.

Overview

CVE-2025-2474 is a severe security vulnerability in the PCX image codec used by QNX Software Development Platform (SDP) versions 8.0, 7.1 and 7.0. This vulnerability could allow an unauthenticated attacker to exploit an out-of-bounds write condition, leading to a potential denial of service or even the execution of arbitrary code. Given the ubiquity of the QNX SDP in a variety of critical infrastructure systems, this vulnerability could have expansive and potentially devastating implications if left unaddressed.

Vulnerability Summary

CVE ID: CVE-2025-2474
Severity: Critical, CVSS Score 9.8
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

QNX SDP | 8.0
QNX SDP | 7.1
QNX SDP | 7.0

How the Exploit Works

The vulnerability stems from an out-of-bounds write condition in the PCX image codec used by QNX SDP. An attacker can exploit this condition by crafting a maliciously formed PCX image file and loading it into the codec. The malformed image file causes the codec to write data beyond the allocated memory buffer. This could result in a crash (denial-of-service condition) or potentially allow the attacker to execute arbitrary code in the context of the process running the image codec.

Conceptual Example Code

While the exact exploitation methods will vary depending on the attacker’s objectives and the specific configuration of the targeted system, a conceptual example of how the vulnerability might be exploited involves sending a malicious PCX image file to the targeted system. The below is a high-level representation of the process:

# Step 1: Craft a malicious PCX image file
$ echo "malicious_payload" > exploit.pcx
# Step 2: Send the malicious image file to the target system
$ scp exploit.pcx user@target.example.com:/path/to/vulnerable/codec/

In this conceptual example, the “malicious_payload” would be replaced with actual exploit code designed to trigger the out-of-bounds write condition in the PCX image codec. It’s important to note that actual exploit code would likely require significant technical expertise to write and would be tailored to the specific characteristics of the targeted system.

Overview

The cybersecurity landscape is filled with an array of threats and vulnerabilities, with one of the recent ones being the CVE-2025-5911. This vulnerability affects TOTOLINK EX1200T up to version 4.1.2cu.5232_B20210713. The vulnerability is classified as critical, posing a significant threat to the security of any system running the affected software. The vulnerability involves an unknown function in the file /boafrm/formDMZ of the HTTP POST Request Handler component. If exploited, it can lead to a buffer overflow, which could potentially compromise the system and lead to data leakage.

Vulnerability Summary

CVE ID: CVE-2025-5911
Severity: Critical, with a CVSS score of 8.8
Attack Vector: Remote
Privileges Required: Low
User Interaction: None
Impact: Potential system compromise and data leakage

Affected Products

Product | Affected Versions

TOTOLINK EX1200T | Up to 4.1.2cu.5232_B20210713

How the Exploit Works

The exploit works by manipulating the HTTP POST Request Handler in the file /boafrm/formDMZ, causing a buffer overflow. A buffer overflow occurs when more data is written to a buffer than it can handle, causing it to overwrite adjacent memory. This can disrupt the normal flow of the application, allowing an attacker to execute arbitrary code or crash the system.

Conceptual Example Code

The following is a conceptual example of how the vulnerability may be exploited. This is a sample HTTP POST request that sends more data than the buffer can handle, causing an overflow.

POST /boafrm/formDMZ HTTP/1.1
Host: target.example.com
Content-Type: application/json
{ "buffer_overflow_data": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." }

The string “A” is repeated many times to fill the buffer and cause an overflow. In a real-world attack, this could be replaced with malicious code that takes control of the system or extracts sensitive information.

Mitigation Guidance

To mitigate this vulnerability, users are advised to apply the vendor patch as soon as it becomes available. In the meantime, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as a temporary mitigation measure. These tools can help detect and block malicious traffic, reducing the risk of a successful exploit.
By staying vigilant and applying patches promptly, users can significantly reduce the impact of vulnerabilities like CVE-2025-5911.

Overview

The Common Vulnerabilities and Exposures (CVE) system has logged a critical vulnerability, identified as CVE-2025-5905, within the TOTOLINK T10 4.1.8cu.5207. This vulnerability is particularly concerning due to the potential for remote system compromise and data leakage. Any individual or organization using the affected TOTOLINK T10 version is at risk, highlighting the necessity of immediate action to mitigate the threat.

Vulnerability Summary

CVE ID: CVE-2025-5905
Severity: Critical (CVSS: 8.8)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Remote system compromise and potential data leakage

Affected Products

Product | Affected Versions

TOTOLINK T10 | 4.1.8cu.5207

How the Exploit Works

The vulnerability is located in the ‘setWiFiRepeaterCfg’ function of the ‘/cgi-bin/cstecgi.cgi’ file of the POST request handler component. A buffer overflow condition arises when the ‘Password’ argument is manipulated in a particular way. Buffer overflow vulnerabilities occur when more data is put into a buffer than it can handle, causing the extra data to overflow into adjacent memory. This overflow can overwrite other data, leading to erratic program behavior, crashes, or even the execution of malicious code.

Conceptual Example Code

Below is a conceptual example of how the vulnerability might be exploited in an HTTP request:

POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
func=setWiFiRepeaterCfg&Password=a%20very%20long%20string%20that%20causes%20buffer%20overflow

In this example, a malicious actor sends a POST request to the vulnerable endpoint, including an excessively long string as the ‘Password’ argument. This string overflows the buffer, potentially allowing the attacker to execute arbitrary code and compromise the system.

Mitigation Measures

In response to this vulnerability, it’s recommended to apply the vendor patch as soon as possible. In case the patch is not available or cannot be immediately applied, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation. These tools can detect and block attempts to exploit this vulnerability, adding an extra layer of security for the affected systems.

Overview

A critical vulnerability has been discovered in the TOTOLINK EX1200T up to version 4.1.2cu.5232_B20210713. This vulnerability, identified as CVE-2025-5910, affects an unknown function of the file /boafrm/formWsc, which is a component of the HTTP POST Request Handler. What makes this vulnerability particularly concerning is the fact that it can be exploited remotely, and the details of the exploit have already been made public. This means that potential attackers are more likely to exploit it, leading to a higher risk for users.

Vulnerability Summary

CVE ID: CVE-2025-5910
Severity: Critical, CVSS score 8.8
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

TOTOLINK EX1200T | Up to 4.1.2cu.5232_B20210713

How the Exploit Works

The vulnerability stems from a buffer overflow condition within the HTTP POST Request Handler’s handling of the /boafrm/formWsc file. If an attacker crafts a malicious HTTP POST request with an oversized payload, it could overflow the buffer and cause undefined behavior in the system. This could allow the attacker to execute arbitrary code, potentially leading to system compromise or data leakage.

Conceptual Example Code

The following is a conceptual example of how an attacker might exploit this vulnerability. Please note that this is a simplified representation and actual attack may involve more complex payloads.

POST /boafrm/formWsc HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
param1=value1&param2=value2&...&paramN=very_long_string_exceeding_buffer_capacity

In the above example, `paramN` is the parameter that the attacker uses to overflow the buffer, where `very_long_string_exceeding_buffer_capacity` is a string that exceeds the capacity of the buffer.

Mitigation

Users are advised to apply vendor provided patches as soon as possible. If the patch cannot be applied immediately, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation. However, these measures cannot fully protect against the vulnerability and are only intended as a stop-gap until the patch can be applied.

Overview

A critical vulnerability has been discovered in TOTOLINK T10 4.1.8cu.5207, a popular networking device used by businesses and individuals globally. The vulnerability, designated as CVE-2025-5904, impacts the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi in the POST Request Handler component.
This vulnerability is especially concerning as it can be exploited remotely, exposing a large number of devices to potential attacks. The exploit, which has been publicly disclosed, can lead to system compromise or data leakage, posing significant risks to the security and integrity of the affected systems.

Vulnerability Summary

CVE ID: CVE-2025-5904
Severity: Critical (CVSS: 8.8)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

TOTOLINK T10 | 4.1.8cu.5207

How the Exploit Works

The vulnerability lies in the manipulation of the ‘device_name’ argument in the ‘setWiFiMeshName’ function. An attacker can remotely send a specially crafted POST request to the /cgi-bin/cstecgi.cgi file, manipulating the ‘device_name’ argument. This manipulation can trigger a buffer overflow, potentially leading to arbitrary code execution, system compromise, or data leakage.

Conceptual Example Code

Below is a conceptual example of how the vulnerability might be exploited, using an HTTP request.

POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
device_name=[malicious_payload]

In the above example, [malicious_payload] would be replaced by an attacker with a specially crafted payload designed to trigger the buffer overflow.

Mitigation

The users of the affected versions of TOTOLINK T10 are advised to apply the vendor patch as soon as it’s available. In the interim, a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can be used to mitigate the risk by detecting and blocking malicious payloads targeting this vulnerability.

Overview

The cybersecurity landscape is fraught with a broad spectrum of vulnerabilities, and in this post, we will be delving into the critical buffer overflow vulnerability identified as CVE-2025-5909. This vulnerability has been found in TOTOLINK EX1200T versions up to 4.1.2cu.5232_B20210713. It poses a significant threat due to its critical severity score and its potential to be exploited remotely. This vulnerability matters because it can lead to a system compromise or possible data leakage, endangering the integrity of the network and the data it houses.

Vulnerability Summary

CVE ID: CVE-2025-5909
Severity: Critical, CVSS Score 8.8
Attack Vector: Remote
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

TOTOLINK EX1200T | up to 4.1.2cu.5232_B20210713

How the Exploit Works

The exploit takes advantage of an unknown function in the /boafrm/formReflashClientTbl file of the HTTP POST Request Handler component in TOTOLINK EX1200T. The attacker manipulates the buffer, causing it to overflow. This overflow can potentially cause erratic program behavior, leading to system crashes, incorrect outputs, and the execution of malicious code. As this vulnerability can be exploited remotely, it makes the attack vector even more threatening.

Conceptual Example Code

Below is a conceptual HTTP POST request that demonstrates how an attacker might exploit this vulnerability:

POST /boafrm/formReflashClientTbl HTTP/1.1
Host: target.example.com
Content-Type: application/json
{
"overflow_data": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..."
}

In the above example, the “overflow_data” key carries a payload that is larger than what the system buffer can handle, leading to a buffer overflow.

Mitigation Guidance

As the vulnerability has been publicly disclosed, it is imperative to apply a vendor patch as soon as it’s available. In the meantime, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as a temporary mitigation measure, providing some protection against potential exploitation attempts. Always remember, staying up-to-date with such vulnerabilities and their patches can make the difference between maintaining secure systems and falling victim to a cyber attack.

Overview

The CVE-2025-5903 is a critical vulnerability discovered in TOTOLINK T10 4.1.8cu.5207. This vulnerability is notable because it allows for a buffer overflow attack, which can lead to a potential system compromise or data leakage. This high-risk vulnerability poses a significant threat to any organization that relies on TOTOLINK T10 4.1.8cu.5207 for their network operations. Because the exploit has been publicly disclosed, it’s crucial for users of the aforementioned product to apply patches and mitigate the risk promptly.

Vulnerability Summary

CVE ID: CVE-2025-5903
Severity: Critical (CVSS: 8.8)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

TOTOLINK T10 | 4.1.8cu.5207

How the Exploit Works

The CVE-2025-5903 exploit takes advantage of a vulnerability in the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The vulnerability resides in the manipulation of the ‘desc’ argument which can lead to a buffer overflow. This overflow can be exploited remotely, giving the attacker the ability to execute arbitrary code, compromise the system, or cause data leakage.

Conceptual Example Code

Below is a conceptual example of how CVE-2025-5903 might be exploited. Note that this is a simplified and generic example.
“`http
POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: target.example.com
Content-Type: application/x-www-form-urlencoded
setWiFiAclRules=1&desc=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA