Anurag M. Chevendra

**Name of the Vulnerable Software and Affected Versions** Delta DX-3021 versions prior to 1.24 **Description** The webserver in Delta DX-3021 is vulnerable to command injection through the network diagnosis page. This issue could allow a remote unauthenticated user to add files, delete files, and change file permissions. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to modify data. **Recommendations** For versions prior to 1.24, update to version 1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the network diagnosis page until a patch is available. Avoid using the network diagnosis page for sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR841N version 3.16.9 Build 160325 Rel.62500n **Description** The issue exists due to the transmission of authentication information in cleartext base64 format. This could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through the web-based management interface. **Recommendations** For TP-Link TL-WR841N version 3.16.9 Build 160325 Rel.62500n, consider disabling the web-based management interface until a patch is available to prevent remote attackers from intercepting credentials. Restrict access to the device's administrative operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa MGate versions MB3180, MB3280, and MB3480 **Description** The issue is related to the transmission of data in plain text, which could allow an attacker to intercept traffic and decrypt login credentials, potentially granting admin rights through the HTTP web server. This could enable a remote attacker to gain unauthorized access to protected information or elevate their privileges. **Recommendations** For Moxa MGate versions MB3180, MB3280, and MB3480, consider restricting access to the HTTP web server until a fix is available. As a temporary workaround, avoid using the HTTP web server for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.