Bhadresh Patel

**Nome do software vulnerável e versões afetadas** Versões do ManageEngine ADSelfService Plus anteriores à compilação 6003 **Descrição** Existe uma vulnerabilidade de elevação de privilégios porque o software não aplica corretamente os privilégios de usuário associados a uma caixa de diálogo de certificado. Isso poderia permitir que um invasor não autenticado elevasse privilégios em um host Windows sem precisar de nenhum privilégio no sistema de destino. O invasor pode explorar essa vulnerabilidade acionando um alerta de segurança com um certificado SSL autoassinado e, em seguida, usando a opção “Exibir certificado” para exportar o certificado e abrir o Explorer como SYSTEM, lançando, por fim, o cmd.exe como SYSTEM. **Recomendações** Para versões do ManageEngine ADSelfService Plus anteriores à compilação 6003, atualize para a compilação 6003 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à opção de autoatendimento na tela de login do Windows para minimizar o risco de exploração. Além disso, restrinja a capacidade de exportar certificados e limite o acesso ao aplicativo Explorer para impedir que um invasor inicie o cmd.exe como SYSTEM.

**Name of the Vulnerable Software and Affected Versions** Sophos Cyberoam firewall devices with firmware through 10.6.4 **Description** The issue allows remote attackers to execute arbitrary client-side script on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. The `applicationname` and `username` GET parameters are improperly sanitized, allowing an attacker to inject arbitrary JavaScript into the page. This can be abused to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. **Recommendations** For Sophos Cyberoam firewall devices with firmware through 10.6.4, consider restricting access to the LiveConnectionDetail.jsp application until a patch is available. As a temporary workaround, avoid using the `applicationname` and `username` parameters in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** NetCommWireless HSPA 3G10WVE wireless routers versions prior to 3G10WVE-L101-S306ETS-C01 R05 **Description** The issue allows remote attackers to bypass intended access restrictions via a direct request to the `ping.cgi` endpoint. This can potentially be combined with other issues to execute arbitrary commands. **Recommendations** For versions prior to 3G10WVE-L101-S306ETS-C01 R05, update the firmware to version 3G10WVE-L101-S306ETS-C01 R05 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ping.cgi` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NetCommWireless HSPA 3G10WVE wireless routers versions prior to firmware 3G10WVE-L101-S306ETS-C01 R05 **Description** The issue is related to the `ping.cgi` script in the router's firmware, which lacks proper input sanitization. This allows a remote authenticated user to execute arbitrary commands by injecting shell metacharacters into the `DIA IPADDRESS` parameter. **Recommendations** For versions prior to firmware 3G10WVE-L101-S306ETS-C01 R05, update the firmware to version 3G10WVE-L101-S306ETS-C01 R05 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ping.cgi` script until the firmware can be updated. Avoid using the `DIA IPADDRESS` parameter in the `ping.cgi` script with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L Wireless Router versions prior to 2.06.B09 BETA **Description** The issue allows remote attackers to hijack the authentication of administrators for requests, including changing the admin password and network policy, via crafted requests to "hedwig.cgi" and "pigwidgeon.cgi" API endpoints. **Recommendations** For versions prior to 2.06.B09 BETA, update the firmware to version 2.06.B09 BETA or later to resolve the issue. As a temporary workaround, consider restricting access to the "hedwig.cgi" and "pigwidgeon.cgi" API endpoints until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Hotspot Express hotEx Billing Manager version 73 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `reply` parameter in the `/cgi-bin/hotspotlogin.cgi` API endpoint. **Recommendations** For Hotspot Express hotEx Billing Manager version 73, consider restricting access to the `/cgi-bin/hotspotlogin.cgi` endpoint until a patch is available, and avoid using the `reply` parameter in this endpoint to minimize the risk of exploitation.