Gonzalo Garcia Leon

**Name of the Vulnerable Software and Affected Versions** Conceptronic CIPCAMPTIWL V3 version 0.61.30.21 **Description** An issue allows an unauthenticated attacker to crash a device by sending a POST request with a large body size to the "hy-cgi/devices.cgi?cmd=searchlandevice" endpoint. This results in the device completely freezing. **Recommendations** For version 0.61.30.21, as a temporary workaround, consider restricting access to the "hy-cgi/devices.cgi?cmd=searchlandevice" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Conceptronic CIPCAMPTIWL V3 version 0.61.30.21 **Description** An issue exists where CSRF is present in the "hy-cgi/user.cgi" API endpoint, allowing actions such as changing an administrator password or adding a new administrator account. **Recommendations** For Conceptronic CIPCAMPTIWL V3 version 0.61.30.21, as a temporary workaround, consider restricting access to the "hy-cgi/user.cgi" API endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.