Lee Pu

**Name of the Vulnerable Software and Affected Versions** SpotCam Sense (affected versions not specified) **Description** The issue concerns a hidden Telnet function in SpotCam Sense that has an OS command injection vulnerability. This allows a remote unauthenticated attacker to execute command injection attacks, enabling them to perform arbitrary system commands or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotCam FHD 2 (affected versions not specified) **Description** The SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotCam FHD 2 (affected versions not specified) **Description** The hidden Telnet function in SpotCam FHD 2 has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attacks on arbitrary system commands or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotCam FHD 2 (affected versions not specified) **Description** The issue concerns the use of hard-coded uBoot credentials in the SpotCam FHD 2 device. A remote attacker can exploit this to access the system, perform arbitrary system operations, or disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Furbo dog camera (affected versions not specified) **Description** The issue is related to insufficient filtering for a special parameter in the device log management function. This can be exploited by an unauthenticated remote attacker in the Bluetooth network with normal user privileges to perform a command injection attack, allowing the execution of arbitrary system commands or disruption of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChangingTec ServiSign (affected versions not specified) **Description** The issue is related to insufficient filtering for special characters in the connection response parameter. This allows an unauthenticated remote attacker to host a malicious website that, when accessed by the component user, can trigger command injection. As a result, the attacker can execute arbitrary system commands to perform various system operations or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChangingTec ServiSign (affected versions not specified) **Description** The issue allows an unauthenticated LAN attacker to exploit a path traversal vulnerability, bypassing authentication and accessing arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChangingTec ServiSign (affected versions not specified) **Description** The issue is related to a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, triggering the component to load malicious DLL files under an arbitrary file path. This allows the attacker to perform arbitrary system operations and disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.