Shulao2020

**Name of the Vulnerable Software and Affected Versions** Chengdu VEC40G version 3.0 **Description** A problematic issue was found in the software, affecting an unknown functionality of the file "/send order.cgi?parameter=restart". The manipulation of the `restart` argument with the input `reboot` leads to denial of service. The attack can be launched remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For Chengdu VEC40G version 3.0, as a temporary workaround, consider restricting access to the "/send order.cgi?parameter=restart" file to minimize the risk of exploitation. Avoid using the `restart` argument with the input `reboot` in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBOS version 4.5.5 **Description** A critical issue has been found, affecting the function `actionDel` of the file "?r=dashboard/approval/del". The manipulation of the `id` argument leads to SQL injection. The exploit has been disclosed to the public. **Recommendations** For IBOS version 4.5.5, as a temporary workaround, consider restricting access to the `actionDel` function of the file "?r=dashboard/approval/del" to minimize the risk of exploitation. Avoid using the `id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.