Jeremy Allen

**Name of the Vulnerable Software and Affected Versions** SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware prior to 01A.8 **Description** The issue is related to the web interface of the SysLINK M2M Modular Gateway, which has a default password. This makes it easier for remote attackers to obtain access to the device. The vulnerability can be exploited by attackers to gain unauthorized access. **Recommendations** For firmware versions prior to 01A.8, update the firmware to version 01A.8 or later to resolve the issue. As a temporary workaround, consider changing the default password to a strong and unique password until a firmware update is available.

**Name of the Vulnerable Software and Affected Versions** SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware prior to 01A.8 **Description** The issue allows remote authenticated users to execute arbitrary commands. This is achieved via the `dnsmasq` parameter, also known as `5066`, in the `flu.cgi` script within the web interface. **Recommendations** For firmware versions prior to 01A.8, update the firmware to version 01A.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware prior to 01A.8 **Description** The issue concerns the use of a hardcoded encryption key across different installations of the device, allowing attackers to bypass cryptographic protection by leveraging knowledge of this key from another installation. **Recommendations** For firmware versions prior to 01A.8, update the firmware to version 01A.8 or later to resolve the issue.