David Gnedt

**Name of the Vulnerable Software and Affected Versions** Shibboleth Identity Provider OIDC OP plugin versions prior to 3.0.4 **Description** The issue allows server-side request forgery (SSRF) due to insufficient restriction of the `request uri` parameter. This enables attackers to interact with arbitrary third-party HTTP services. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `request uri` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Monsta FTP versions 2.10.1 and earlier **Description** The issue is due to insufficient restriction of the web fetch functionality, allowing attackers to read arbitrary local files and interact with arbitrary third-party services. This is a result of a server-side request forgery vulnerability. **Recommendations** For Monsta FTP versions 2.10.1 and earlier, update to a version above 2.10.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monsta FTP versions 2.10.1 and below **Description** The issue is related to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. **Recommendations** For Monsta FTP versions 2.10.1 and below, update to a version above 2.10.1 to resolve the issue. As a temporary workaround, consider restricting access to the language setting feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Monsta FTP versions 2.10.1 and earlier **Description** The issue allows external control of paths used in filesystem operations, enabling attackers to read and write arbitrary local files. This can lead to an attacker gaining remote code execution in common deployments. **Recommendations** For Monsta FTP versions 2.10.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teltonika RUT9XX routers with firmware prior to 00.05.01.1 **Description** The issue is related to cross-site scripting due to insufficient user input sanitization in the hotspotlogin.cgi file. **Recommendations** For firmware versions prior to 00.05.01.1, update the firmware to version 00.05.01.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Teltonika RUT9XX routers with firmware prior to 00.04.233 **Description** The issue allows attackers with physical access to the device to execute arbitrary commands with root privileges due to a lack of proper access control on the root terminal provided on a serial interface. **Recommendations** For Teltonika RUT9XX routers with firmware prior to 00.04.233, update the firmware to version 00.04.233 or later to address the issue.

**Name of the Vulnerable Software and Affected Versions** phpWhois (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via a crafted whois record. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Partclone versions prior to 0.2.88 **Description** The issue is related to insufficient validation of the FAT superblock, which can lead to a heap-based buffer overflow. This is due to a problem in the `mark reserved sectors` function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. **Recommendations** For versions prior to 0.2.88, update to version 0.2.88 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `partclone.fat` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Partclone version 0.2.87 **Description** The issue is due to insufficient validation of the partclone image header in the partclone.restore function, leading to a heap-based buffer overflow. This could allow an attacker to execute arbitrary code in the context of the user running the affected application. **Recommendations** For Partclone version 0.2.87, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smarty versions prior to 3.1.33 **Description** The issue is related to a path traversal vulnerability due to insufficient template code sanitization in the `Smarty Security::isTrustedResourceDir()` method. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 3.1.33, update to version 3.1.33 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Teltonika RUT9XX routers with firmware before 00.04.233 **Description** The issue is related to multiple unauthenticated OS command injection vulnerabilities in `autologin.cgi` and `hotspotlogin.cgi` due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. The vulnerability is also exploited through vulnerable endpoints like "8021xsupport.html", where the malicious entity downloads executable files, changes permissions to 777, and attempts to cover its tracks. Additionally, standard brute-force attacks on SSH and Telnet are used. The estimated impact includes the potential recruitment of IoT devices for DDoS attacks. **Recommendations** Teltonika RUT9XX routers with firmware before 00.04.233 should update their firmware to version 00.04.233 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints like "8021xsupport.html" and disabling the `autologin.cgi` and `hotspotlogin.cgi` scripts until a patch is available. Avoid using the vulnerable firmware until the issue is resolved.