Eslam Kamal

**Name of the Vulnerable Software and Affected Versions** Hewlett Packard Enterprise OfficeConnect 1820 Network switches versions prior to PT.02.19 **Description** A potential security issue has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches, which could be remotely exploited to allow execution of malicious code. **Recommendations** For versions prior to PT.02.19, upgrade the switch firmware to a patched version. As a temporary workaround, consider auditing logs for suspicious activity until the firmware can be updated.

**Name of the Vulnerable Software and Affected Versions** Elenos ETG150 FM transmitter version 3.12 **Description** A lack of rate limiting in the Elenos ETG150 FM transmitter allows attackers to obtain user credentials via brute force and cause other unspecified impacts. **Recommendations** For Elenos ETG150 FM transmitter version 3.12, consider implementing rate limiting on login attempts to prevent brute force attacks until a patch is available. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elenos ETG150 FM Transmitter version 3.12 **Description** The issue is related to insufficient session expiration, allowing attackers to change transmitter configuration and data after a user has logged out. **Recommendations** For Elenos ETG150 FM Transmitter version 3.12, consider implementing proper session expiration mechanisms to prevent unauthorized access after logout. As a temporary workaround, restrict access to the transmitter configuration and data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GatesAIr Flexiva FM Transmitter/Exciter version FAX 150W **Description** The issue allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. This is a Cross Site Scripting vulnerability. **Recommendations** For GatesAIr Flexiva FM Transmitter/Exciter version FAX 150W, consider disabling access to the web application dashboard until a fix is available. Restrict the use of the dashboard to minimize the risk of exploitation. Avoid using the dashboard with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elenos ETG150 FM transmitter version 3.12 **Description** The issue is related to improper access control, which can be exploited to add a high-privilege user by leveraging the user's role within the admin profile. This can potentially be done over the public Internet. The vulnerability is associated with software deficiencies in access control. **Recommendations** For version 3.12, consider restricting access to the admin profile to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit user roles within the admin profile to prevent unauthorized privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Elenos ETG150 FM transmitter version 3.12 **Description** The issue is related to insufficient protection of service data, allowing an attacker to gain unauthorized access to sensitive information. This can be exploited by accessing the publicly accessible Memcached service, potentially over the public Internet. The leak includes SMTP credentials and other sensitive information. **Recommendations** For Elenos ETG150 FM transmitter version 3.12, consider restricting access to the Memcached service to minimize the risk of exploitation. As a temporary workaround, limit public Internet access to the transmitter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elenos ETG150 FM transmitter version 3.12 **Description** The issue is related to improper access control, which can lead to privilege escalation. This can be exploited by utilizing a user's role in their profile. In some cases, an attack could be conducted over the public Internet. The vulnerability is also associated with deficiencies in access control in the Memcached service of the Elenos ETG150 FM transmitter's firmware, allowing a remote attacker to potentially elevate their privileges. **Recommendations** For Elenos ETG150 FM transmitter version 3.12, consider restricting access to the user profile and `user role` to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the Memcached service to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.