Capitan Alfalo

**Name of the Vulnerable Software and Affected Versions** Comtech H8 Heights Remote Gateway version 2.5.1 **Description** The issue allows for XSS and HTML injection attacks through the `SiteName` field. **Recommendations** For Comtech H8 Heights Remote Gateway version 2.5.1, avoid using the `SiteName` field until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `SiteName` field to prevent XSS and HTML injection attacks.

**Name of the Vulnerable Software and Affected Versions** Intellian Remote Access version 3.18 **Description** The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the `Ping Test` field. **Recommendations** For Intellian Remote Access version 3.18, consider restricting access to the Ping Test field to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ScadaBR versions 1.0CE through 1.1.0-RC **Description** The issue is related to a request for a nonexistent resource. It can be exploited via the "dwr/test/" PATH INFO, allowing for XSS attacks. **Recommendations** For ScadaBR versions 1.0CE through 1.1.0-RC, as a temporary workaround, consider restricting access to the "dwr/test/" PATH INFO to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT (affected versions not specified) **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved through specific SNMP requests, including `iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001` and `1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technicolor CWA0101 version CWA0101E-A23E-c7000r5712-170315-SKC **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved through specific SNMP requests, including `iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001` and `1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001`. **Recommendations** As a temporary workaround, consider disabling SNMP until a patch is available. Restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technicolor CGA0111 version CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved via specific SNMP requests, including `iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001` and `1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001`. **Recommendations** As a temporary workaround, consider disabling SNMP until a patch is available. Restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606 D-Link DCM-704 version EU DCM-704 1.10 **Description** The issue is related to errors in processing SNMP requests, which can allow a remote attacker to disclose credentials. Specifically, attackers can discover Wi-Fi credentials via `iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32` and `iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32` SNMP requests. **Recommendations** For D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606, consider disabling SNMP until a patch is available. For D-Link DCM-704 version EU DCM-704 1.10, restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Technicolor TC7110.AR STD version 3.38.03 **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved through specific SNMP requests, including `iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32` and `iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32`. **Recommendations** For Technicolor TC7110.AR STD version 3.38.03, consider restricting access to the SNMP service to minimize the risk of exploitation. As a temporary workaround, limit the use of the affected SNMP requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Technicolor TC7200.TH2v2 SC05.00.22 **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved through specific SNMP requests, including `iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32` and `iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a **Description** The issue allows remote attackers to discover Wi-Fi credentials. This is achieved through specific SNMP requests, including `iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001` and `1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001`. **Recommendations** As a temporary workaround, consider disabling SNMP until a patch is available. Restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Telegram version 4.9.1 Telegram Web-version 0.7.0 **Description** The issue concerns a side channel in the "secret chat" feature where Telegram servers send GET requests for URLs typed while composing a chat message, before the message is sent. Additionally, GET requests are sent to other URLs on the same web server. This can also be interpreted as a Server-Side Request Forgery (SSRF) issue. A third party has reported that the behavior may be caused by misconfiguration of the "Secret chats > Preview links" setting. **Recommendations** For Telegram version 4.9.1, consider disabling the "Secret chats > Preview links" setting to minimize the risk of exploitation. For Telegram Web-version 0.7.0, restrict access to the "secret chat" feature until the issue is resolved. As a temporary workaround, avoid using the "secret chat" feature in affected versions until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Kaonmedia CG2001-AN22A version 1.2.1 Kaonmedia CG2001-UDBNA version 3.0.8 Kaonmedia CG2001-UN2NA version 3.0.8 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0`. **Recommendations** For Kaonmedia CG2001-AN22A version 1.2.1, restrict access to the SNMP service to minimize the risk of exploitation. For Kaonmedia CG2001-UDBNA version 3.0.8, consider disabling the SNMP requests `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0` until a patch is available. For Kaonmedia CG2001-UN2NA version 3.0.8, avoid using the vulnerable SNMP endpoints to prevent credential discovery.

**Name of the Vulnerable Software and Affected Versions** Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a **Description** The issue allows for a Cross Protocol Injection attack, which can lead to a Cross-Site Scripting (XSS) attack. This is achieved by exploiting the `setSSID` of `1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TEKNOTEL CBW700N version 81.447.392110.729.024 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0". **Recommendations** For version 81.447.392110.729.024, consider restricting access to the SNMP service to minimize the risk of exploitation. As a temporary workaround, limit the use of the affected `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0` SNMP requests until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Comtrend CM-6200un version 123.447.007 Comtrend CM-6300n version 123.553mp1.005 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0". **Recommendations** For Comtrend CM-6200un version 123.447.007, restrict access to the SNMP service until a patch is available. For Comtrend CM-6300n version 123.553mp1.005, consider disabling the SNMP protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bnmux BCW700J version 5.20.7 Bnmux BCW710J version 5.30.6a Bnmux BCW710J2 version 5.30.16 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0". **Recommendations** For Bnmux BCW700J version 5.20.7, restrict access to the SNMP service to minimize the risk of exploitation. For Bnmux BCW710J version 5.30.6a, consider disabling the SNMP protocol until a patch is available. For Bnmux BCW710J2 version 5.30.16, avoid using the vulnerable SNMP requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zoom 5352 version 5.5.8.6Y **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0`. **Recommendations** For Zoom 5352 version 5.5.8.6Y, consider restricting access to the SNMP service to minimize the risk of exploitation. As a temporary workaround, limit the use of the affected SNMP requests until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iNovo Broadband IB-8120-W21 version 139.4410mp1.004200.002 iNovo Broadband IB-8120-W21E1 version 139.4410mp1.3921132mp1.899.004404.004 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0`. **Recommendations** For iNovo Broadband IB-8120-W21 version 139.4410mp1.004200.002, restrict access to the SNMP service to minimize the risk of exploitation. For iNovo Broadband IB-8120-W21E1 version 139.4410mp1.3921132mp1.899.004404.004, consider disabling the SNMP protocol until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Skyworth CM5100 version 1.1.0 Skyworth CM5100-440 version 1.2.1 Skyworth CM5100-511 version 4.1.0.14 Skyworth CM5100-GHD00 version 1.2.2 Skyworth CM5100.g2 version 4.1.0.17 **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including `iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0` and `iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0`. **Recommendations** For Skyworth CM5100 version 1.1.0, update the device to a newer version that contains a fix for this issue. For Skyworth CM5100-440 version 1.2.1, update the device to a newer version that contains a fix for this issue. For Skyworth CM5100-511 version 4.1.0.14, update the device to a newer version that contains a fix for this issue. For Skyworth CM5100-GHD00 version 1.2.2, update the device to a newer version that contains a fix for this issue. For Skyworth CM5100.g2 version 4.1.0.17, update the device to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the SNMP service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ARRIS DG950A version 7.10.145 ARRIS DG950S version 7.10.145.EURO **Description** The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0". **Recommendations** For ARRIS DG950A version 7.10.145, restrict access to the SNMP requests "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0" to minimize the risk of exploitation. For ARRIS DG950S version 7.10.145.EURO, restrict access to the SNMP requests "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0" to minimize the risk of exploitation.