Shorabh Karir

**Name of the Vulnerable Software and Affected Versions** Affected versions not specified **Description** An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. The vulnerable API endpoint is exposed without requiring any form of authentication, enabling unauthorized password modifications. The `password` can be changed remotely via the API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZLAN5143D (affected versions not specified) **Description** Authentication for the device can be bypassed by directly accessing internal URLs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.