Lê Hữu Quang Linh

**Nome do software vulnerável e versões afetadas** Microsoft SharePoint Server (versões afetadas não especificadas) **Descrição** Existe uma falha no Microsoft SharePoint Server que permite que invasores remotos executem código arbitrário e comprometam o sistema. O problema decorre de uma validação insuficiente de entradas. A exploração dessa falha poderia permitir que um invasor executasse código remotamente utilizando dados especialmente criados para esse fim. Trata-se de um problema de execução remota de código pós-autenticação. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Azure Network Watcher VM Agent (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability. No further details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZyXEL VPN versions 4.30 through 5.37 ZyXEL USG FLEX series firmware versions 4.50 through 5.37 ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37 ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37 ZyXEL ATP series firmware versions 4.32 through 5.37 **Description** The issue is related to insufficient input validation in the Quagga package of the affected ZyXEL devices. This could allow an authenticated local attacker to access configuration files on an affected device. **Recommendations** For ZyXEL VPN versions 4.30 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG FLEX series firmware versions 4.50 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL ATP series firmware versions 4.32 through 5.37, update to a version that includes the fix for the improper input validation vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 Zyxel VPN series firmware versions 4.20 through 5.36 Patch 2 **Description** A command injection vulnerability in the Free Time WiFi hotspot feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. The vulnerability is related to the failure to neutralize special elements used in the operating system command, which may allow a remote attacker to execute arbitrary commands. **Recommendations** For Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2, consider disabling the Free Time WiFi hotspot feature until a patch is available. For Zyxel VPN series firmware versions 4.20 through 5.36 Patch 2, restrict access to the Free Time WiFi hotspot feature to minimize the risk of exploitation. As a temporary workaround, avoid using the Free Time WiFi hotspot feature in both Zyxel USG FLEX and VPN series until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 4.32 through 5.36 Patch 2 Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2 Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2 Zyxel VPN series versions 4.30 through 5.36 Patch 2 Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3) Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4) **Description** A buffer overflow vulnerability in the CAPWAP daemon could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request. This issue is related to a buffer overflow in the memory, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Zyxel ATP series versions 4.32 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series versions 4.30 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3), update to a version later than 6.10(AAIG.3). For Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4), update to a version later than 6.10(AAOS.4). As a temporary workaround, consider disabling the CAPWAP daemon until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2 Zyxel VPN series firmware versions 5.00 through 5.36 Patch 2 Zyxel NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3) Zyxel NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4) **Description** A command injection vulnerability in the access point management feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance. The vulnerability is related to the failure to neutralize special elements used in the operating system command. **Recommendations** For Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), update to a version later than 6.10(AAIG.3). For Zyxel NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), update to a version later than 6.10(AAOS.4). As a temporary workaround, consider restricting access to the access point management feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG FLEX series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2 Zyxel VPN series firmware versions 4.60 through 5.36 Patch 2 **Description** A command injection vulnerability in the hotspot management feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. The vulnerability is related to the failure to neutralize special elements used in the operating system command. **Recommendations** For Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. As a temporary workaround, consider restricting access to the hotspot management feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Media Foundation (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Windows Media Foundation component of Windows operating systems. This allows a remote attacker to execute arbitrary code on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Media (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Windows Media component. This allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Windows Media (versões afetadas não especificadas) **Descrição** O problema está relacionado à validação insuficiente de entradas no Windows Media Player, o que pode ser explorado por invasores para executar código arbitrário por meio de um arquivo malicioso especialmente criado. Isso permite que invasores remotos executem código arbitrário e afetem o sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Windows Media Player (versões afetadas não especificadas) **Descrição** O problema está relacionado à validação insuficiente de entradas no Windows Media Player, o que pode ser explorado por invasores para executar código arbitrário usando um arquivo malicioso especialmente criado. Isso pode permitir que invasores remotos afetem o sistema. Não há informações sobre o número estimado de dispositivos potencialmente afetados em todo o mundo ou sobre incidentes reais em que essa vulnerabilidade tenha sido explorada. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.