Charles Perine

Name of the Vulnerable Software and Affected Versions: Crimson 3.1 (Build versions prior to 3119.001) Description: An attacker could send a specially crafted message to the software that could leak arbitrary memory locations. Recommendations: For Crimson 3.1 (Build versions prior to 3119.001), update to a version 3119.001 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Moxa MGate 5105-MB-EIP version 4.1 Description: The issue is related to the DestIP parameter in the Moxa MGate 5105-MB-EIP firmware, which lacks proper validation of user-supplied strings before executing system calls. This allows remote attackers to execute arbitrary code, potentially leading to privilege escalation. The exploitation requires authentication. The vulnerability is exploited through the `DestIP` parameter within the `MainPing.asp` endpoint. Recommendations: For version 4.1, consider restricting access to the `MainPing.asp` endpoint and the `DestIP` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.