Evoko · Evoko Home · CVE-2024-12903
**Name of the Vulnerable Software and Affected Versions**
Evoko Home versions 2.4.2 through 2.7.4
**Description**
The issue is caused by incorrect default permissions in Evoko Home, which allow a non-admin user to exploit weak file and folder permissions and potentially escalate privileges, execute arbitrary code, and maintain persistence on the compromised machine. The root cause is that the 'Everyone' group, which includes any user with local access to the operating system regardless of their privileges, is granted Full Control permissions.
**Recommendations**
For Evoko Home versions 2.4.2 through 2.7.4, consider restricting access to sensitive files and folders to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and adjust the permissions of the 'Everyone' group to prevent non-admin users from exploiting the weak permissions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
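
One way to carry out the permission review described in the workaround, as an added example that does not come from Evoko or from this advisory. It assumes a Windows host (where 'Everyone' is the well-known SID S-1-1-0) and uses a placeholder install path that must be replaced with the real one.

```powershell
# Added example. Assumption: placeholder path; replace with the real Evoko Home install directory.
param([string]$InstallPath = 'C:\PLACEHOLDER\EvokoHome')

# Match 'Everyone' by its well-known SID (S-1-1-0) so localized group names do not matter.
$everyoneSid = 'S-1-1-0'

# Bits that allow tampering with program files. FullControl and Modify both contain them.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Get-Acl can also return raw generic rights: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$genericMask = 0x50000000

$items = @(Get-Item -LiteralPath $InstallPath -Force) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    # Ask for SIDs instead of account names; include explicit and inherited rules.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $everyoneSid) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band [int]$writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
"{0} object(s) writable by Everyone under {1}" -f @($findings).Count, $InstallPath

# Remediation sketch, after confirming Administrators, SYSTEM and the service account keep access:
#   icacls "<install dir>" /remove:g *S-1-1-0 /T
# This removes explicit grants only; fix inherited entries on the parent folder they come from.
```

Entries reported with `Inherited = True` point to a parent folder whose ACL needs the change; re-run the audit after adjusting permissions to confirm the count drops to zero.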