D1G

**Name of the Vulnerable Software and Affected Versions** ABUS TVIP 20000-21150 devices **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters in the "/cgi-bin/mft/wireless mft" ap field. This enables attackers to potentially gain control over the device. **Recommendations** For ABUS TVIP 20000-21150 devices, consider disabling access to the "/cgi-bin/mft/wireless mft" API endpoint until a patch is available. Restrict input to the `ap` field to prevent shell metacharacter injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS ASMB8 iKVM firmware versions 1.14.51 and earlier **Description** The issue allows remote attackers to execute arbitrary code by using SNMP to create extensions. This can be demonstrated by using snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. The vulnerability is related to the implementation of the SNMPv2 protocol and the lack of measures to neutralize special elements, which can allow a remote attacker to execute arbitrary commands. **Recommendations** For versions 1.14.51 and earlier, consider disabling SNMP until a patch is available to prevent exploitation. Restrict access to the NET-SNMP-EXTEND-MIB module to minimize the risk of exploitation. Avoid using the `snmpset` command with /bin/sh for command execution until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.