Feng Hao

**Name of the Vulnerable Software and Affected Versions** Anyka Microelectronics AK3918EV300 MCU version 18 **Description** An issue was discovered in the network configuration script within the MCU's operating system, allowing attackers to perform arbitrary command execution via a crafted wifi SSID or password. This is due to a command injection vulnerability. **Recommendations** For Anyka Microelectronics AK3918EV300 MCU version 18, consider disabling the network configuration script until a patch is available to prevent arbitrary command execution. Restrict access to the wifi SSID and password configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 9.3 **Description** The issue allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site, by exploiting a lack of protection for certain data in the WebKit component. This could potentially reveal confidential information about the device. **Recommendations** For iOS versions prior to 9.3, update to iOS 9.3 or later to resolve the issue.