Rustam Amin

**Name of the Vulnerable Software and Affected Versions** Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 **Description** The issue is related to the exploitation of Baicells devices via HTTP command injections, allowing remote shell code execution with root permissions. This is possible due to the lack of protection measures for the web page structure. Commands are executed using pre-login execution. A third-party analyst has tested and validated the exploitability of this issue. **Recommendations** For Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7, consider disabling HTTP command execution until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using pre-login execution for commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Econolite EOS versions prior to 3.2.23 **Description** The issue concerns a lack of password requirement for gaining "READONLY" access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians. **Recommendations** For Econolite EOS versions prior to 3.2.23, update to version 3.2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files and certain database and configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Econolite EOS versions prior to 3.2.23 **Description** The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential encryption, including those of administrators and technicians. **Recommendations** For versions prior to 3.2.23, update to version 3.2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation. Avoid using the MD5 hash algorithm for encrypting credentials until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 **Description** The issue exists due to inadequate protection of the web page structure in Baicells LTE network management systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code with root privileges by injecting HTTP commands. Commands are executed before login and with root permissions. **Recommendations** For Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6, consider restricting access to HTTP commands to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling pre-login execution of commands may also help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.