Dawid Kulikowski

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.2 Description: Mattermost fails to sanitize path traversal sequences in template file destination paths. This allows a system administrator to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories. Recommendations: Update Mattermost to a version later than 10.5.8. Update Mattermost to a version later than 9.11.17. Update Mattermost to a version later than 10.8.3. Update Mattermost to a version later than 10.9.2.

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.1 Mattermost versions 9.11.x through 9.11.17 Description: The Mattermost application does not properly validate file paths during plugin import operations. This allows restricted administrator users to install unauthorized custom plugins through a path traversal vulnerability in the import functionality, bypassing plugin signature enforcement and marketplace restrictions. Recommendations: Update Mattermost to a version later than 10.5.8. Update Mattermost to a version later than 10.8.3. Update Mattermost to a version later than 10.9.1. Update Mattermost to a version later than 9.11.17.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.16 Mattermost versions 10.5.x through 10.5.7 Mattermost versions 10.7.x through 10.7.3 Mattermost versions 10.8.x through 10.8.1 **Description** The application fails to sanitize input paths of file attachments within the bulk import JSONL file. This allows a system administrator to read arbitrary system files through a path traversal technique. **Recommendations** Mattermost versions 9.11.x through 9.11.16: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mattermost versions 10.5.x through 10.5.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mattermost versions 10.7.x through 10.7.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mattermost versions 10.8.x through 10.8.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.16 Mattermost versions 10.5.x through 10.5.6 Mattermost versions 10.7.x through 10.7.3 Mattermost versions 10.8.x through 10.8.1 **Description** The software fails to verify authorization when retrieving cached posts by `PendingPostID`. This allows an authenticated user to read posts in private channels they do not have access to by guessing the `PendingPostID` of recently created posts. **Recommendations** Update Mattermost to a version later than 9.11.16. Update Mattermost to a version later than 10.5.6. Update Mattermost to a version later than 10.7.3. Update Mattermost to a version later than 10.8.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.5.x through 10.5.5 Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.8.x through 10.8.0 Mattermost versions 10.7.x through 10.7.2 Mattermost versions 10.6.x through 10.6.5 **Description** Mattermost fails to sanitize filenames in the archive extractor, allowing authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution (RCE). This issue impacts instances where file uploads and document search by content are enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true), which are enabled by default. Approximately 97,000+ and 113,000+ potentially affected instances have been identified. **Recommendations** Mattermost versions 10.5.x through 10.5.5: Update to a newer, fixed version. Mattermost versions 9.11.x through 9.11.15: Update to a newer, fixed version. Mattermost versions 10.8.x through 10.8.0: Update to a newer, fixed version. Mattermost versions 10.7.x through 10.7.2: Update to a newer, fixed version. Mattermost versions 10.6.x through 10.6.5: Update to a newer, fixed version.

**Name of the Vulnerable Software and Affected Versions** Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier **Description** A post-authentication command injection issue in the `ZyEE` function could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. **Recommendations** For Zyxel EX5601-T1 firmware versions V5.70(ACDZ.3.6)C0 and earlier, consider restricting access to the `ZyEE` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 Description: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. Recommendations: For Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0, consider disabling the web management interface until a patch is available to prevent exploitation of the buffer overflow vulnerability in the "libclinkc" library. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer in the parameter type parser, which could allow an authenticated attacker with administrator privileges to cause potential memory corruptions. This may result in a thread crash on an affected device. The vulnerability can be exploited by a remote attacker, potentially leading to a denial of service. Recommendations: For Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0, update to a version that fixes the improper restriction of operations within the bounds of a memory buffer in the parameter type parser to prevent potential memory corruptions and thread crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer, which could allow an authenticated attacker with administrator privileges to cause potential memory corruptions. This may result in a thread crash on an affected device. The vulnerability can be exploited by a remote attacker, potentially leading to a denial of service. Recommendations: For Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0, consider updating to a newer version that addresses the memory buffer restriction issue to prevent potential memory corruptions and thread crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer in the MAC address parser, which could allow an authenticated attacker with administrator privileges to cause potential memory corruptions. This may result in a thread crash on an affected device. The vulnerability can be exploited by a remote attacker, potentially leading to a denial of service. Recommendations: For Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0, update to a version that fixes the improper restriction of operations within the bounds of a memory buffer in the MAC address parser to prevent potential memory corruptions and thread crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser. This could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. The vulnerability may also be exploited by a remote attacker to cause a denial of service. Recommendations: For Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0, update to a version that fixes the improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 Description: A buffer overflow vulnerability in the library "libclinkc" could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. Recommendations: For Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0, consider disabling the "libclinkc" library until a patch is available to prevent exploitation of the buffer overflow vulnerability. Restrict access to the device to minimize the risk of denial of service (DoS) conditions. Avoid using the vulnerable firmware version until an update is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.