C. Hierzer

**Name of the Vulnerable Software and Affected Versions** ORing IAP-420 versions 2.01e and below **Description** The issue is caused by missing input validation in the web interface of ORing IAP-420, allowing stored Cross-Site Scripting (XSS). This enables attackers to store malicious scripts on the device, which can then be executed by other users, potentially leading to unauthorized access or data theft. **Recommendations** For versions 2.01e and below, update to a version that includes input validation for the web interface to prevent stored Cross-Site Scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ORing IAP-420 versions 2.01e and earlier **Description** The issue is caused by a lack of input validation in the web interface of ORing IAP-420, allowing Cross-Site Scripting (XSS). **Recommendations** For versions 2.01e and earlier, update to a version later than 2.01e to resolve the issue. As a temporary workaround, consider restricting access to the web interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ORing IAP-420 versions 2.01e and below **Description** The issue is related to a lack of input validation in the web interface of the ORing IAP-420, which allows for stored Cross-Site Scripting (XSS). This means that an attacker can inject malicious scripts into the web interface, which can then be executed by other users, potentially leading to unauthorized access or other malicious activities. **Recommendations** For versions 2.01e and below, update to a version that includes input validation for the web interface to prevent stored Cross-Site Scripting (XSS). At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ORing IAP-420 versions through 2.01e **Description** The issue affects the NET-SNMP used in ORing IAP-420, allowing Command Injection through SNMP objects. **Recommendations** For versions through 2.01e, consider disabling the SNMP functionality until a patch is available. Restrict access to the vulnerable NET-SNMP module to minimize the risk of exploitation. Avoid using the affected IAP-420 devices for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IAP-420 versions through 2.01e **Description** The issue is related to an improper check of password character length in the ORing operation of IAP-420, allowing a forced deadlock. **Recommendations** For versions through 2.01e, update to a version later than 2.01e to resolve the issue. As a temporary workaround, consider restricting the use of password-related operations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Korenix JetPort 5601 versions through 1.2 **Description** The pathname of the root directory to a Restricted Directory allows Path Traversal. This issue enables Path Traversal in Korenix JetPort 5601. **Recommendations** For versions through 1.2, update to a version that fixes the Path Traversal issue to prevent exploitation. As a temporary workaround, consider restricting access to the root directory to minimize the risk of Path Traversal exploitation.