Joel Serna Moreno

**Name of the Vulnerable Software and Affected Versions** Shenzhen Reachfar version v28 **Description** The issue allows a remote attacker to retrieve all the week's logs stored in the 'log2' directory, potentially exposing sensitive information such as remembered wifi networks, sent messages, SOS device locations, and device configurations. **Recommendations** For Shenzhen Reachfar version v28, consider restricting access to the 'log2' directory as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** This issue allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. No information is provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.