Buxiaoding

**Name of the Vulnerable Software and Affected Versions** wfh45678 Radar versions up to 1.0.8 **Description** A critical issue has been found in the software, affecting unknown code in the file /services/v1/common/upload. The manipulation of the `file` argument leads to unrestricted upload. This can be initiated remotely. The issue may be used by attackers to upload malicious files. **Recommendations** For versions up to 1.0.8, patch immediately and monitor for exploitation attempts. As a temporary workaround, consider restricting access to the /services/v1/common/upload endpoint until a patch is available. Avoid using the `file` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wfh45678 Radar versions up to 1.0.8 **Description** A critical issue affects the Interface Handler component, allowing for authorization bypass through manipulation of the input `/../`. This can be initiated remotely and is not considered a path traversal weakness. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For wfh45678 Radar versions up to 1.0.8, as a temporary workaround, consider restricting access to the Interface Handler component until a patch is available. Avoid using the input `/../` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.