Abhishek Pandey

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** The web management interface displays passwords in a plaintext input field, making them visible to anyone with access to the user interface. This could allow unauthorized observation of administrator credentials through methods like shoulder surfing, screenshots, or browser form caching. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** The embedded web interface does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, potentially exposing user credentials to interception by attackers on the same network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** The web management interface allows the administrator `username` and `password` to be set to blank values. After applying these blank values, the device allows authentication with empty credentials via the web management interface and Telnet service. This disables authentication across critical management channels, potentially granting full administrative control to any network-adjacent attacker without requiring credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wi-Fi router (affected versions not specified) **Description** The Wi-Fi router is susceptible to de-authentication attacks because of missing management frame protection. This allows attackers to broadcast fabricated deauthentication and disassociation frames without authentication or encryption. Exploitation can lead to unauthorized disruptions and denial-of-service conditions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** General Industrial Controls Lynx+ Gateway (affected versions not specified) **Description** The Lynx+ Gateway is susceptible to a cleartext transmission issue. This could allow an attacker to intercept network traffic and potentially gain access to sensitive data, including credentials transmitted in plaintext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** General Industrial Controls Lynx+ Gateway (affected versions not specified) **Description** The Lynx+ Gateway is susceptible to a weak password requirement, potentially enabling an attacker to perform a brute-force attack. Successful exploitation could lead to unauthorized access and login. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** General Industrial Controls Lynx+ Gateway (affected versions not specified) **Description** The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote takeover of industrial systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** General Industrial Controls Lynx+ Gateway (affected versions not specified) **Description** The Lynx+ Gateway embedded web server lacks essential authentication. This allows an attacker to send GET requests and potentially obtain sensitive device information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Affected versions not specified **Description** A cleartext transmission of sensitive information allows an unauthorized remote attacker to gain login credentials and access the Web-UI. The vulnerability is due to the absence of proper encryption or secure communication protocols, enabling interception of sensitive data transmitted over the network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.