Arko Dhar

**Name of the Vulnerable Software and Affected Versions** TP-Link VIGI Cameras (affected versions not specified) **Description** An authentication bypass issue exists in the password recovery feature of the local web interface of TP-Link VIGI cameras. This allows an attacker on the Local Area Network (LAN) to reset the administrator password without verification by manipulating client-side state. Successful exploitation grants the attacker full administrative access to the device, potentially compromising configuration and network security. Over 2,500 internet-exposed cameras have been identified, increasing the risk of real-world takeover for poorly segmented or publicly reachable deployments. Attackers could gain access to live and recorded video feeds, disable security features, alter configurations, and potentially use the compromised devices for lateral movement within a network. The vulnerability affects over 32 VIGI C and InSight camera models. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Matrix Door Controller Cosec Vega FAXQ (affected versions not specified) **Description** The issue arises from improper implementation of session management at the web-based management interface. A remote attacker could exploit this by sending a specially crafted HTTP request to the vulnerable device. Successful exploitation could allow a remote attacker to gain unauthorized access and take complete control of the targeted device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bosch IP camera devices (affected versions not specified) **Description** An information disclosure issue was found in Bosch IP camera devices, allowing an unauthenticated attacker to retrieve device information, such as capabilities, and network settings. This could potentially disclose internal network settings if the device is connected to the internet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uniview IP Camera (affected versions not specified) **Description** The issue is related to identification and authentication failure at the web-based management interface of Uniview IP Camera. A remote attacker could exploit this by sending specially crafted HTTP requests to the vulnerable device, potentially gaining complete control of the targeted device. The vulnerability allows remote attackers to bypass the authentication process and gain unauthorized access by sending specially crafted packets. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CP-Plus DVR (affected versions not specified) **Description** The issue exists due to improper input validation within the web-based management interface. An unauthenticated remote attacker could exploit this by sending specially crafted HTTP requests to the vulnerable device, potentially allowing them to change the system time of the targeted device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CP-Plus NVR (affected versions not specified) **Description** The issue exists due to improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation could allow the remote attacker to obtain sensitive information on the targeted device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) **Description** The issue exists due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this by sending a specially crafted http request on the targeted device. Successful exploitation could allow a remote attacker to take over an account on the targeted device. **Recommendations** As a temporary workaround, consider disabling the password reset mechanism at the Milesight NVR web-based management interface until a patch is available. Restrict access to the web-based management interface to minimize the risk of exploitation. Avoid using the vulnerable password reset feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) (affected versions not specified) **Description** This issue is due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this by sending specially crafted http requests on the targeted device. Successful exploitation could allow a remote attacker to perform unauthorized activities on the targeted device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hikvision Hybrid SAN/Cluster Storage products (affected versions not specified) **Description** The issue is related to access control errors in the software, allowing a remote attacker to exploit the vulnerability and gain administrator privileges. This can be achieved by sending crafted messages to the affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hikvision DS-3WF0AC-2NT versions (affected versions not specified) Hikvision DS-3WF01C-2N/O versions (affected versions not specified) **Description** The issue is related to access control errors in the web server of certain Hikvision wireless bridge products. This can be exploited by a remote attacker to gain administrator privileges by sending crafted messages to the affected devices. **Recommendations** For Hikvision DS-3WF0AC-2NT, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Hikvision DS-3WF01C-2N/O, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Milesight Video Management Systems (VMS) versions prior to 40.7.0.79-r1 **Description** The issue is caused by improper input handling at the camera's web-based management interface. A remote attacker could exploit this by sending a specially crafted HTTP request to the targeted network camera, potentially causing a Denial of Service condition on the device. **Recommendations** For versions prior to 40.7.0.79-r1, update to version 40.7.0.79-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpWebFTP version 2.3 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `port`, `server`, and `user` parameters in index.php. **Recommendations** For phpWebFTP version 2.3, consider restricting access to the index.php file until a patch is available, and avoid using the `port`, `server`, and `user` parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpWebFTP versions 3.2 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `language` parameter of the index.php file. **Recommendations** For phpWebFTP versions 3.2 and earlier, update to a version later than 3.2 to resolve the issue.