Picoclaw · Picoclaw · CVE-2026-6987
**Name of the Vulnerable Software and Affected Versions**
PicoClaw versions prior to 0.2.5
**Description**
A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can manipulate requests to the '/api/gateway/restart' endpoint to execute arbitrary commands.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the '/api/gateway/restart' endpoint to minimize the risk of exploitation.