Atonysan

**Name of the Vulnerable Software and Affected Versions** ZIONCOM (Hong Kong) Technology Limited A7000R version 4.1cu.4154 **Description** An issue allows an attacker to execute arbitrary code via the "cig-bin/cstecgi.cgi" endpoint to the `setPasswordCfg` function. **Recommendations** For version 4.1cu.4154, consider disabling access to the "cig-bin/cstecgi.cgi" endpoint until a patch is available. Restrict access to the `setPasswordCfg` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contec SolarView Compact versions 6.0 and earlier **Description** The issue is related to incorrect code generation management in the texteditor.php component of the Contec SolarView Compact software, which can allow an attacker to execute arbitrary code. This can be exploited by a remote attacker. The `texteditor.php` component is specifically mentioned as the vulnerable part of the software. **Recommendations** For Contec SolarView Compact versions 6.0 and earlier, consider disabling the `texteditor.php` component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.