Kenney Lu

**Name of the Vulnerable Software and Affected Versions** D-Link EyeOn Baby Monitor (DCS-825L) version 1.08.1 **Description** The issue allows a remote attacker to execute arbitrary code with root privilege on the device by sending a crafted UDP request to the "Discover" service, which can lead to a stack overflow. This service provides functions such as changing passwords and retrieving basic information. **Recommendations** For D-Link EyeOn Baby Monitor (DCS-825L) version 1.08.1, consider disabling the UDP "Discover" service until a patch is available to prevent potential exploitation. Restrict access to the device to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PLANEX CS-W50HD devices with firmware before 030720 Description: A command-injection issue exists in the web management UI on the NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code, but authentication is required before executing the attack. Recommendations: For PLANEX CS-W50HD devices with firmware before 030720, update the firmware to version 030720 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/cgi-bin/nasset.cgi" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PLANEX CS-W50HD devices with firmware prior to 030720 Description: A hardcoded credential `supervisor:dangerous` is injected into the web authentication database `/.htpasswd` during the booting process, allowing attackers to gain unauthorized access and control the device completely. The account cannot be modified or deleted. Recommendations: For PLANEX CS-W50HD devices with firmware prior to 030720, update the firmware to version 030720 or later to remove the hardcoded credential. As a temporary workaround, consider restricting access to the device until the firmware can be updated.

Name of the Vulnerable Software and Affected Versions: NEC Aterm WG2600HP2 version 1.0.2 Description: An issue was discovered in the NEC Aterm WG2600HP2 router, which has a set of web service APIs for accessing and setting up the configuration. Some of these APIs do not require authentication, allowing an attacker to exploit this issue by sending a crafted HTTP request to retrieve sensitive information, such as DHCP clients, firmware version, and network status. For example, an attacker could use a command like `curl -X http://[IP]/aterm httpif.cgi/negotiate -d "REQ ID=SUPPORT IF GET"` to exploit this. Recommendations: For NEC Aterm WG2600HP2 version 1.0.2, as a temporary workaround, consider restricting access to the `aterm httpif.cgi` API endpoint to minimize the risk of exploitation. Avoid using the `REQ ID` parameter with the value `SUPPORT IF GET` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: PLANEX CS-QR20 version 1.30 Description: A hidden and undocumented management page in the device allows an attacker to execute arbitrary code when the user is authenticated. The management page, used for debugging purposes and accessible at the "/admin/system command.asp" API endpoint, enables the execution of any command. Recommendations: For PLANEX CS-QR20 version 1.30, as a temporary workaround, consider restricting access to the "/admin/system command.asp" API endpoint until a patch is available. Avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PLANEX CS-QR20 version 1.30 Description: A security issue was found where a hardcoded account and password, `admin` and `password`, are used in the Android application. This allows attackers to utilize a hidden API URL "/goform/SystemCommand" to execute any command with root permission. Recommendations: For PLANEX CS-QR20 version 1.30, consider changing the default `admin` password to a strong and unique one, and restrict access to the "/goform/SystemCommand" API endpoint to prevent unauthorized command execution. As a temporary workaround, consider disabling the use of the hardcoded `admin` account until a patch is available.