Diego Zaffaroni

**Name of the Vulnerable Software and Affected Versions** 130.8005 TCP/IP Gateway version 12h **Description** A CWE-598 issue was discovered where the SHA-1 hash of the password and session tokens are included as part of the URL, exposing them to information leakage scenarios. An attacker capable of accessing such values can exploit this to leak the password hash and session tokens, bypassing the authentication mechanism using a pass-the-hash attack. **Recommendations** For version 12h, consider disabling the use of GET request methods with sensitive query strings until a patch is available. Restrict access to sensitive information and session tokens to minimize the risk of exploitation. Avoid using the `password` and `session token` variables in URLs to prevent information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zettler - 130.8005 version 12h **Description** A CWE-1392 issue was discovered, affecting the device's FTP server, which uses default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes to resources exposed by the service, such as configuration files where password hashes are saved or where network settings are stored. **Recommendations** For version 12h, change the default admin credentials of the FTP server to strong, unique credentials to prevent unauthorized access. As a temporary workaround, consider disabling the FTP server until secure credentials are implemented. Restrict access to the FTP server to minimize the risk of exploitation. Avoid using default or easy-to-guess credentials for the admin account.

**Name of the Vulnerable Software and Affected Versions** Zettler 130.8005 TCP/IP Gateway version 12h **Description** A buffer over-read issue was discovered, affecting the web server and allowing information disclosure. This can be triggered by leveraging a memory leak, enabling a remote unauthenticated attacker to exploit the issue and leak valid authentication tokens from the process memory associated with currently logged-in users, thereby bypassing the authentication mechanism. **Recommendations** For Zettler 130.8005 TCP/IP Gateway version 12h, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Frozen versions prior to 1.7 **Description** A NULL Pointer Dereference vulnerability allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input. **Recommendations** For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider restricting the input of JSON data to prevent maliciously crafted JSON from being processed by the library.

**Name of the Vulnerable Software and Affected Versions** Cesanta Frozen versions less than 1.7 **Description** An Allocation of Resources Without Limits or Throttling issue allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input. **Recommendations** For Cesanta Frozen versions less than 1.7, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing all JSON inputs to prevent maliciously crafted data from being processed. Restrict access to components that embed the Cesanta Frozen library to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A missing authentication issue for critical functions was discovered, affecting Advantech devices. The vulnerability can be exploited by remote unauthenticated users interacting with the default "edgserver" service. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, consider disabling the "edgserver" service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "basic htm" API of Advantech's EKI-6333AC series devices. The problem arises from the improper sanitization of multiple parameters before they are concatenated to OS-level commands, allowing for OS command injection. This could potentially enable a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "basic htm" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "basic htm" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the "basic htm" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "export log" API of Advantech's EKI-6333AC devices, where multiple parameters are not properly sanitized before being used in OS-level commands. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "export log" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "export log" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the vulnerable parameters in the "export log" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "lan apply" API of Advantech's EKI-6333AC series devices, where multiple parameters are not properly sanitized before being used in OS-level commands. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "lan apply" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "lan apply" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the vulnerable parameters in the "lan apply" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the `edgserver` service of Advantech devices, allowing remote unauthenticated users to execute malicious commands with root privileges. The issue arises from the improper neutralization of special elements used in an OS command. No authentication is required to exploit this vulnerability, and it can be triggered by interacting with the default `edgserver` service. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the `edgserver` service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the `edgserver` service to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the `backup config to utility` operation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the `certificate file remove` API, where multiple parameters are not properly sanitized before being concatenated to OS level commands, allowing for OS command injection. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the `certificate file remove` API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the `certificate file remove` API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the `certificate file remove` API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: The issue exists due to the lack of neutralization of special elements used in an OS command. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is related to the "mp apply" API, where multiple parameters are not properly sanitized before being concatenated to OS level commands. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1. As a temporary workaround, consider restricting access to the "mp apply" API to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: The issue exists due to the lack of neutralization of special elements used in an operating system command. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability relies on multiple parameters belonging to the "multiple ssid htm" API, which are not properly sanitized before being concatenated to OS-level commands. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1. As a temporary workaround, consider restricting access to the "multiple ssid htm" API to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A hard-coded credentials issue affects the backup configuration functionality, which by default encrypts archives using a static password. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue. As a temporary workaround, consider disabling the backup configuration functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: The issue exists due to the lack of neutralization of special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands with root privileges. The vulnerability affects the `edgserver` service, which is enabled by default on the access point. No authentication is required to exploit this issue, and malicious commands are executed with root privileges. The source of the vulnerability resides in the processing code associated with the `cfg cmd set eth conf` operation. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1. As a temporary workaround, consider disabling the `edgserver` service until a patch is available. Restrict access to the `cfg cmd set eth conf` operation to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: The issue exists due to the lack of neutralization of special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands with root privileges. The vulnerability is associated with the `edgserver` service and the `restore config from utility` operation. No authentication is required to interact with the vulnerable service. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the `edgserver` service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the `restore config from utility` operation to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the `edgserver` service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "scan ap" API of Advantech's EKI-6333AC series devices. The problem arises from the improper sanitization of multiple parameters in the "scan ap" API before they are concatenated to OS-level commands. This could allow a remote attacker to execute arbitrary code. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "scan ap" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "scan ap" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the parameters associated with the "scan ap" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the `connection profile apply` API, where multiple parameters are not properly sanitized before being concatenated to OS level commands, allowing for OS command injection. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the `connection profile apply` API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the `connection profile apply` API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the `connection profile apply` API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "edgserver" service of Advantech's EKI-6333AC devices, allowing remote unauthenticated users to execute malicious commands with root privileges. The issue arises from the improper neutralization of special elements used in an OS command, enabling attackers to perform arbitrary commands. No authentication is required to exploit this vulnerability, as the "edgserver" service is enabled by default on the access point. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, consider disabling the "edgserver" service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "sta log htm" API of Advantech's EKI-6333AC devices, where multiple parameters are not properly sanitized before being used in OS-level commands. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "sta log htm" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "sta log htm" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the "sta log htm" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.