Bertinjoseb

#28483 of 53,633
9 Total CVSS
Vulnerabilities · 1
PT-2017-15075
9.0
2017-12-24
Hms · Anti-Web · CVE-2017-17888
**Name of the Vulnerable Software and Affected Versions**

Anti-Web through version 3.8.7

**Description**

The issue allows remote authenticated users to execute arbitrary OS commands via crafted `multipart/form-data` content. This affects devices from various manufacturers, including NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer.

**Recommendations**

For Anti-Web version 3.8.7 and earlier, consider restricting access to the `cgi-bin/write.cgi` endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `multipart/form-data` content type in the affected endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.