Joel Land

**Nome do software vulnerável e versões afetadas** PAN-OS (versões afetadas não especificadas) **Descrição** O problema está relacionado à validação inadequada de entradas no software PAN-OS, o que permite que um invasor manipule o sistema de arquivos físico e eleve seus privilégios. Isso pode ser explorado por um invasor para obter privilégios mais elevados. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Huawei Mobile WiFi E5151 versions before E5151s-2TCPU-V200R001B146D27SP00C00 Huawei Mobile WiFi E5186 versions before V200R001B310D01SP00C00 **Description** The issue allows remote attackers to spoof responses via unspecified vectors, making it easier to launch attacks by utilizing DNS query packets with a static source port. **Recommendations** For Huawei Mobile WiFi E5151 versions before E5151s-2TCPU-V200R001B146D27SP00C00, update to version E5151s-2TCPU-V200R001B146D27SP00C00 or later. For Huawei Mobile WiFi E5186 versions before V200R001B310D01SP00C00, update to version V200R001B310D01SP00C00 or later.

**Name of the Vulnerable Software and Affected Versions** ZyXEL NBG-418N version 1.00(AADZ.3)C0 **Description** The web administration interface has a default password of `1234` for the `admin` account, allowing remote attackers to obtain administrative privileges by leveraging a LAN session. **Recommendations** For version 1.00(AADZ.3)C0, change the default password of the `admin` account to a strong and unique password to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** ZyXEL NBG-418N version 1.00(AADZ.3)C0 **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users. **Recommendations** For version 1.00(AADZ.3)C0, update the firmware to a version that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Mediabridge Medialink MWN-WAPR300N version 5.07.50 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability, which allows remote attackers to hijack the authentication of arbitrary users. This can enable unauthorized access to user authentication data. **Recommendations** For Mediabridge Medialink MWN-WAPR300N version 5.07.50, consider disabling access to sensitive features until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the device's web interface to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1102 version 2.10.17 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability, which allows remote attackers to hijack the authentication of arbitrary users. This can enable unauthorized access to user authentication data. **Recommendations** For Belkin F9K1102 version 2.10.17, consider disabling access to sensitive authentication endpoints as a temporary workaround until a patch is available. Restrict access to the router's web interface to minimize the risk of exploitation. Avoid using the router for sensitive transactions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1102 version 2.10.17 **Description** The issue exists due to the use of an improper algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by predicting the value of this variable, `ID`. **Recommendations** For Belkin F9K1102 version 2.10.17, consider updating the firmware to a version that uses a proper algorithm for selecting the ID value in the DNS query header, as a temporary workaround, restrict access to the DNS query functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mediabridge Medialink MWN-WAPR300N version 5.07.50 **Description** The web management interface has a default password of `admin` for the `admin` account and a default password of `password` for the `medialink` account. This allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. **Recommendations** For version 5.07.50, change the default passwords for the `admin` and `medialink` accounts to strong, unique passwords to prevent unauthorized access. As a temporary workaround, consider restricting access to the web management interface until the default passwords are changed.

**Name of the Vulnerable Software and Affected Versions** ReadyNet WRT300N-DD version 1.0.26 **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users. **Recommendations** For version 1.0.26, update the firmware to a version that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** ReadyNet WRT300N-DD version 1.0.26 **Description** The issue makes it easier for remote attackers to spoof DNS responses by using the same source port number for every DNS query. **Recommendations** For ReadyNet WRT300N-DD version 1.0.26, consider updating the firmware to a version that does not use the same source port number for every DNS query, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amped Wireless R10000 version 2.5.2.11 **Description** The web administration interface has a default password of `admin` for the `admin` account, allowing remote attackers to obtain administrative privileges by leveraging a LAN session. **Recommendations** For version 2.5.2.11, change the default password of the `admin` account to a strong and unique password to prevent unauthorized access. As a temporary workaround, consider restricting LAN access to the web administration interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ReadyNet WRT300N-DD version 1.0.26 **Description** The web administration interface has a default password of `admin` for the `admin` account, allowing remote attackers to obtain administrative privileges by leveraging a LAN session. **Recommendations** For version 1.0.26, change the default password of the `admin` account to a strong and unique password to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** ZyXEL P-660HW-T1 versions 3.40(AXH.0) ZyXEL PMG5318-B20A versions 1.00AANC0b5 ZyXEL NBG-418N (affected versions not specified) **Description** The issue is related to the use of a default password for the administrator account in the firmware of certain ZyXEL devices and the ZyNOS operating system. This allows a remote attacker to gain administrative access. **Recommendations** For ZyXEL P-660HW-T1 version 3.40(AXH.0), change the default administrator password to a unique and strong password. For ZyXEL PMG5318-B20A version 1.00AANC0b5, change the default administrator password to a unique and strong password. For ZyXEL NBG-418N, change the default administrator password to a unique and strong password.

**Name of the Vulnerable Software and Affected Versions** Amped Wireless R10000 version 2.5.2.11 **Description** The issue is related to the use of an improper algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by predicting this value. **Recommendations** For Amped Wireless R10000 version 2.5.2.11, consider updating the firmware to a version that uses a proper algorithm for selecting the ID value in DNS queries, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amped Wireless R10000 version 2.5.2.11 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability, which allows remote attackers to hijack the authentication of arbitrary users. This can enable an attacker to access authentication data of users. **Recommendations** For version 2.5.2.11, as a temporary workaround, consider restricting access to sensitive features until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1102 version 2.10.17 **Description** The web management interface has a blank password, allowing remote attackers to obtain administrative privileges by leveraging a LAN session. **Recommendations** For Belkin F9K1102 version 2.10.17, consider changing the default password to a strong and unique one to prevent unauthorized access. As a temporary workaround, restrict LAN access to the device until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1102 version 2.10.17 **Description** The issue allows remote attackers to obtain administrative privileges by making certain changes to `LockStatus` and `Login Success` values, as the device relies on client-side JavaScript code for authorization. **Recommendations** For Belkin F9K1102 version 2.10.17, consider disabling the use of client-side JavaScript code for authorization until a patch is available. Restrict access to administrative privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mediabridge Medialink MWN-WAPR300N version 5.07.50 Tenda N3 Wireless N150 (affected versions not specified) **Description** The issue allows remote attackers to gain administrative access by using a certain admin substring in an HTTP Cookie header. **Recommendations** For Mediabridge Medialink MWN-WAPR300N version 5.07.50, consider restricting access to the administrative interface until a fix is available. For Tenda N3 Wireless N150, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR WNR1000v3 version 1.0.2.68 **Description** The issue makes it easier for remote attackers to spoof DNS responses by using the same source port number for every DNS query. **Recommendations** For NETGEAR WNR1000v3 version 1.0.2.68, consider updating the firmware to a version that does not use the same source port number for every DNS query as a permanent solution. As a temporary workaround, restrict access to DNS queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Buffalo WZR-600DHP2 versions 2.09 through 2.16 **Description** The issue is related to an improper algorithm used for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by predicting this value. **Recommendations** For versions 2.09 through 2.16, at the moment, there is no information about a newer version that contains a fix for this vulnerability.