Thexc3Ll

**Name of the Vulnerable Software and Affected Versions** Arcserve UDP versions 7.0 through 9.0.6034 **Description** The issue allows authentication bypass, enabling an attacker to obtain a valid session and execute tasks as an administrator. This is achieved by exploiting the `getVersionInfo` method at `WebServiceImpl/services/FlashServiceImpl`, which leaks the `AuthUUID` token. The token can then be used at `/WebServiceImpl/services/VirtualStandbyServiceImpl` to gain administrative access. The vulnerability may be exploited by sending a specially crafted HTTP request, potentially allowing an attacker to elevate privileges and execute arbitrary code. It is estimated that 235,000 clients in 150 countries use the affected software, which could be targeted in ransomware attacks to delete data, including backups. **Recommendations** For Arcserve UDP versions 7.0 through 9.0.6034, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `WebServiceImpl/services/FlashServiceImpl` and `/WebServiceImpl/services/VirtualStandbyServiceImpl` endpoints until a patch is available. Avoid using the `AuthUUID` token in the affected API endpoints until the issue is resolved.

**Nome do software vulnerável e versões afetadas** Versões 1.5.1,1 e anteriores do firmware do Digi Passport **Descrição** O problema está relacionado a um estouro de buffer na função de construção da string do cabeçalho Location quando um usuário não autenticado é redirecionado para a página de autenticação. Um invasor pode fornecer uma string no parâmetro `page` para o endpoint “reboot.asp”, permitindo-lhe forçar um estouro quando a string é concatenada ao corpo HTML. **Recomendações** Para as versões 1.5.1.1 e anteriores do firmware do Digi Passport, considere desativar a função vulnerável de construção da string do cabeçalho Location até que uma correção esteja disponível. Restrinja o acesso ao endpoint “reboot.asp” para minimizar o risco de exploração. Evite usar o parâmetro `page` no endpoint afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões 1.5.1.1 e anteriores do firmware do Digi Passport **Descrição** O problema está relacionado a um estouro de buffer. Um invasor pode inserir uma sequência de caracteres no parâmetro `page` do endpoint “reboot.asp”, o que lhe permite forçar um estouro de buffer quando a sequência é concatenada ao corpo do HTML. **Recomendações** Para as versões 1.5.1,1 e anteriores do firmware do Digi Passport, considere desativar o acesso ao endpoint “reboot.asp” até que uma correção esteja disponível. Restrinja o uso do parâmetro `page` neste endpoint para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Name of the Vulnerable Software and Affected Versions** Zeroshell version 3.9.0 **Description** The issue occurs because the web application mishandles a few HTTP parameters, allowing an unauthenticated attacker to exploit this by injecting OS commands inside the vulnerable parameters. There has been an increase in scanning activity to exploit and compromise ZeroShell Linux router. **Recommendations** For Zeroshell version 3.9.0, as a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation. Avoid using the vulnerable HTTP parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ubiQuoss Switch VP5208A (affected versions not specified) Description: The issue allows unauthorized access to user credentials. When a failed login attempt occurs, the system creates a file named bcm password at /cgi-bin/ containing the user credentials in cleartext. This file can be accessed via an HTTP request, potentially allowing attackers to obtain the credentials and use them to access the system via SSH or TELNET if enabled. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YADIFA versions prior to 2.2.6 **Description** The issue is related to the DNS packet parser, which does not check for infinite pointer loops. This allows an attacker to force the server into an infinite loop, resulting in high CPU usage and making the server unresponsive. **Recommendations** For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AeroAdmin version 4.1 **Description** The issue concerns the use of an insecure protocol, specifically HTTP, for software updates. This allows an attacker to potentially hijack an update through a man-in-the-middle attack, enabling them to execute code on the machine. **Recommendations** For AeroAdmin version 4.1, consider disabling the automatic update feature until a secure update mechanism is implemented, and restrict network access to trusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AeroAdmin version 4.1 **Description** The issue arises from a function that copies data between two pointers, where the size of the data copied is directly obtained from a network packet. This can lead to a buffer overflow, resulting in a denial of service. **Recommendations** For AeroAdmin version 4.1, consider restricting access to the function that handles network packets to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.