Henry Huang

**Name of the Vulnerable Software and Affected Versions** QNAP Photo Station (affected versions not specified) **Description** The issue allows remote attackers to access or modify system files due to an external control of file name or path vulnerability. This vulnerability is related to incorrect limitation of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to compromise data integrity. **Recommendations** To fix the vulnerability, update Photo Station to the latest version. As a temporary workaround, consider restricting access to sensitive system files until a patch is available. Avoid using the vulnerable Photo Station application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS (affected versions not specified) **Description** This issue is related to improper input validation, allowing remote attackers to inject arbitrary code into the system. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** To fix the vulnerability, update QTS to the latest version. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation. Avoid using the system until the issue is resolved with an update to the latest version. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so updating to the latest version is the recommended course of action.

**Name of the Vulnerable Software and Affected Versions** QNAP Photo Station (affected versions not specified) **Description** This issue allows remote attackers to access or modify system files due to external control of file name or path. It is related to incorrect limitation of the directory path name with limited access. Exploitation may allow a remote attacker to compromise data integrity. **Recommendations** To fix the vulnerability, update Photo Station to the latest version. As a temporary workaround, consider restricting access to sensitive system files until the update is applied. Avoid using the vulnerable Photo Station version until it is updated to the latest version.

**Name of the Vulnerable Software and Affected Versions** QNAP Photo Station (affected versions not specified) **Description** This issue is related to improper access control, allowing remote attackers to gain unauthorized access to the system. The exploitation of this issue can lead to unauthorized system access. **Recommendations** To fix this issue, update Photo Station to the latest version. As a temporary workaround, consider restricting access to sensitive system components until the update is applied. Restrict access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-822 C1 versions prior to v3.11B01Beta D-Link DIR-822-US C1 versions prior to v3.11B01Beta D-Link DIR-850L A* versions prior to v1.21B08Beta D-Link DIR-850L B* versions prior to v2.22B03Beta D-Link DIR-880L A* versions prior to v1.20B02Beta **Description** The issue is related to weaknesses in the authentication procedure of D-Link router software. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For D-Link DIR-822 C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-822-US C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-850L A* versions prior to v1.21B08Beta, update to v1.21B08Beta or later. For D-Link DIR-850L B* versions prior to v2.22B03Beta, update to v2.22B03Beta or later. For D-Link DIR-880L A* versions prior to v1.20B02Beta, update to v1.20B02Beta or later.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-822 C1 versions prior to v3.11B01Beta D-Link DIR-822-US C1 versions prior to v3.11B01Beta D-Link DIR-850L A* versions prior to v1.21B08Beta D-Link DIR-850L B* versions prior to v2.22B03Beta D-Link DIR-880L A* versions prior to v1.20B02Beta **Description** The issue is related to the lack of input data sanitization in the firmware of D-Link routers. This allows an authenticated remote attacker to execute arbitrary commands. **Recommendations** For D-Link DIR-822 C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-822-US C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-850L A* versions prior to v1.21B08Beta, update to v1.21B08Beta or later. For D-Link DIR-850L B* versions prior to v2.22B03Beta, update to v2.22B03Beta or later. For D-Link DIR-880L A* versions prior to v1.20B02Beta, update to v1.20B02Beta or later.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 4.8.0 through 4.8.1 **Description** An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and loading within phpMyAdmin. The attacker must be authenticated, except in cases where `$cfg['AllowArbitraryServer'] = true` or `$cfg['ServerDefault'] = 0`, which can bypass login requirements or allow arbitrary code execution. **Recommendations** For phpMyAdmin versions 4.8.0 through 4.8.1, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider disabling the `$cfg['AllowArbitraryServer']` and `$cfg['ServerDefault'] = 0` configurations to minimize the risk of exploitation. Restrict access to sensitive files and directories on the server to prevent potential execution by an attacker.