Craig Heffner

**Nome do Software Vulnerável e Versões Afetadas** D-Link DIR-645 Wired/Wireless Router Rev. Ax versões anteriores a 1.04b12 **Description** A interface HNAP (Home Network Administration Protocol) não neutraliza adequadamente caracteres especiais utilizados em comandos do sistema operacional. Isso permite que atacantes remotos executem comandos arbitrários por meio de uma ação 'GetDeviceSettings'. Em incidentes reais, a botnet Goldoon explorou este problema para obter controle total sobre os dispositivos, extrair dados e estabelecer comunicação com servidores de Comando e Controle (C&C) para lançar ataques DDoS através de 27 vetores diferentes utilizando os protocolos DNS, HTTP, ICMP, TCP e UDP. **Recommendations** Atualize o firmware para uma versão posterior a 1.04b12. Como medida paliativa temporária, restrinja o acesso à interface HNAP para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-100 D-Link DIR-120 D-Link DI-624S D-Link DI-524UP D-Link DI-604S D-Link DI-604UP D-Link DI-604+ D-Link TM-G5240 Planex BRL-04R Planex BRL-04UR Planex BRL-04CW Alpha Networks routers (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and modify settings on the affected routers. This is achieved by using a specific `User-Agent` HTTP header, namely `xmlset roodkcableoj28840ybtide`. There have been real-world incidents where this issue was exploited, specifically in October 2013. **Recommendations** For D-Link DIR-100, update the firmware to remove the vulnerable `User-Agent` header handling. For D-Link DIR-120, restrict access to the web interface until a patch is available. For D-Link DI-624S, avoid using the web interface for critical operations until the issue is resolved. For D-Link DI-524UP, consider disabling remote access to the web interface as a temporary workaround. For D-Link DI-604S, update the router's configuration to limit access to the web interface. For D-Link DI-604UP, change the default settings to prevent unauthorized access. For D-Link DI-604+, apply the latest security patch to fix the authentication bypass issue. For D-Link TM-G5240, modify the `User-Agent` header handling to prevent exploitation. For Planex BRL-04R, restrict the use of the vulnerable `User-Agent` header. For Planex BRL-04UR, update the router's software to remove the vulnerable code. For Planex BRL-04CW, disable the web interface until a fix is available. For Alpha Networks routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ANGEL Learning Management Suite (LMS) version 7.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "section/default.asp" API endpoint. **Recommendations** For version 7.1, consider restricting access to the `id` parameter in the "section/default.asp" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetProxy version 4.03 **Description** The connection log file implementation does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. **Recommendations** For NetProxy version 4.03, update the connection log file implementation to record all requests, including those that omit http:// in a URL, to prevent unauthorized activities from going undetected.

**Name of the Vulnerable Software and Affected Versions** Grok Developments NetProxy version 4.03 **Description** The issue allows remote attackers to bypass URL filtering. This can be achieved by sending a request that omits "http://" from the URL and specifies the destination port, such as :80. **Recommendations** For Grok Developments NetProxy version 4.03, consider updating the URL filtering rules to handle requests without the "http://" prefix and those that specify the destination port explicitly. As a temporary workaround, restrict access to sensitive URLs by implementing additional filtering mechanisms that check for the presence of "http://" and the destination port in incoming requests.

**Name of the Vulnerable Software and Affected Versions** DoSePa version 1.0.4 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) sequence or absolute file path in the `file` parameter. **Recommendations** For version 1.0.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `textview.php` file to minimize the risk of exploitation. Avoid using absolute file paths or .. (dot dot) sequences in the `file` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BrewBlogger version 1.3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the printLog.php file. **Recommendations** For BrewBlogger version 1.3.1, consider restricting access to the printLog.php file or validating and sanitizing the `id` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `id` parameter in the affected printLog.php file until a patch is available.