Dr. Matthias Kesenheimer

Name of the Vulnerable Software and Affected Versions: Bender GmbH & Co. KG charge controllers (affected versions not specified) Description: An authenticated, low-privileged attacker can obtain credentials stored on the charge controller, including the manufacturer password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bender Charge Controller product families (including CC612, CC613, ICC13xx, ICC15xx, ICC16xx) Description: The web interface uses HTTP instead of HTTPS due to an insecure default configuration. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys MR9600 versions prior to 2.0.5 **Description** The issue allows attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. **Recommendations** For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the NAS SMB share to minimize the risk of exploitation.