Alik Koldobsky

**Name of the Vulnerable Software and Affected Versions** ETIC Telecom RAS versions 4.7.0 and prior **Description** The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. **Recommendations** For ETIC Telecom RAS versions 4.7.0 and prior, enable the web management portal authentication to prevent unauthorized access and potential configuration alterations or denial-of-service conditions.

**Name of the Vulnerable Software and Affected Versions** ETIC Telecom Remote Access Server (RAS) versions 4.5.0 and prior **Description** The web portal of the affected software is vulnerable to accepting malicious firmware packages, which could provide a backdoor to an attacker and allow privilege escalation to the device. **Recommendations** For versions 4.5.0 and prior, update to a version that is not affected by this issue, as the current version is vulnerable to malicious firmware packages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870 **Description** The issue is related to the lack of an efficient password policy enforcement. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users, performing operations on their behalf. **Recommendations** For versions 2.3.0.r4724 and 2.3.0.r4870, consider implementing a strong password policy to mitigate the risk of password enumeration and impersonation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870 **Description** The issue allows an attacker to use a traceroute tool to inject commands into the device, potentially enabling remote command execution on behalf of the device. **Recommendations** For versions 2.3.0.r4724 and 2.3.0.r4870, consider restricting access to the device to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870 **Description** The issue allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. **Recommendations** For versions 2.3.0.r4724 and 2.3.0.r4870, consider disabling the self-registration feature in the cloud portal to prevent unauthorized access until a patch is available. Restrict access to the cloud portal to minimize the risk of exploitation.