Asher Davila L

**Name of the Vulnerable Software and Affected Versions** Arcadyan Wifi routers VRV9506JAC23 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `hostName` and `domain name` parameters present in the LAN configuration section of the administrative dashboard. This is a stored cross-site scripting (XSS) vulnerability. **Recommendations** For Arcadyan Wifi routers VRV9506JAC23, as a temporary workaround, consider restricting access to the LAN configuration section of the administrative dashboard until a patch is available. Avoid using the `hostName` and `domain name` parameters in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arcadyan Wifi routers VRV9506JAC23 version VRV9506JAC23 **Description** The login password of the web administrative dashboard in the affected routers is sent in cleartext. This allows an attacker to sniff and intercept traffic, potentially learning the administrative credentials to the router. **Recommendations** For Arcadyan Wifi routers VRV9506JAC23 version VRV9506JAC23, consider changing the default administrative credentials and avoid using the web administrative dashboard over unsecured networks until a patch is available. As a temporary workaround, restrict access to the administrative dashboard to minimize the risk of exploitation.