Delikely

**Name of the Vulnerable Software and Affected Versions** Cybellum's QCOW air-gapped distribution (China Edition) versions 2.15.5 through 2.27 **Description** The issue concerns a hard-coded private cryptographic key in the Maintenance Server of Cybellum's QCOW air-gapped distribution (China Edition). An attacker with administrative privileges and access to the air-gapped server could potentially use this key to run commands on the server. **Recommendations** For versions 2.15.5 through 2.27, update to version 2.28 to resolve the issue. As a temporary workaround, consider restricting access to the Maintenance Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GARO Wallbox versions (affected versions not specified) **Description** The issue concerns unauthenticated command injection in multiple versions of the software. Specifically, the `url` parameter of the `downloadAndUpdate` function module is vulnerable to command injection. This occurs because unfiltered user input is used to generate code that gets executed when downloading new firmware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GARO Wallbox versions (affected versions not specified) **Description** The issue concerns hardcoded credentials in the `/etc/tomcat8/tomcat-user.xml` file, allowing attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page. **Recommendations** For all affected versions, consider changing the hardcoded credentials in the `/etc/tomcat8/tomcat-user.xml` file to unique and secure credentials as a temporary workaround. Restrict access to the tomcat manager page on port 8000 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GARO Wallbox versions (affected versions not specified) **Description** The issue is related to incorrect access control, specifically a lack of access control on the web manager pages. This allows any user to view and modify information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.