Amey Chavekar

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C50 (affected versions not specified) Description: The issue is related to the improper signature verification mechanism in the firmware upgrade process at the web interface of the TP-Link Archer C50. This allows an attacker with administrative privileges within the router's Wi-Fi range to exploit the vulnerability by uploading and executing malicious firmware, potentially leading to the complete compromise of the targeted device. The exploitation can result in the execution of arbitrary code and may cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Philips lighting devices (affected versions not specified) **Description** This issue is related to the storage of Wi-Fi credentials in plain text within the device firmware of Philips lighting devices. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation could allow an attacker to gain unauthorized access to the Wi-Fi network to which the vulnerable device is connected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ (affected versions not specified) **Description** The issue is related to Incorrect Access Control in the D-Link routers. The UART/Serial interface on the PCB provides log output and a root terminal without proper access control, which can be exploited by an attacker to bypass access restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.