Evan Grant

Name of the Vulnerable Software and Affected Versions Azure Databricks (affected versions not specified) Description Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Purview (affected versions not specified) **Description** Server-side request forgery (ssrf) exists in Microsoft Purview, potentially allowing an unauthorized attacker to elevate privileges over a network. SSRF occurs when a server processes a request to retrieve a remote resource without properly validating the request, which can lead to unauthorized access to internal resources or external systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Purview (affected versions not specified) **Description** The software contains a server-side request forgery (ssrf) issue. This allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Azure Databricks (affected versions not specified) Description: Improper access control in Azure Databricks can allow an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kenwood DMX958XR (affected versions not specified) **Description** A flaw exists within the JKWifiService of the Kenwood DMX958XR, allowing physically present attackers to execute arbitrary code on affected devices. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, potentially allowing an attacker to execute code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Power Apps (affected versions not specified) **Description** The issue is related to Server-Side Request Forgery (SSRF) in Microsoft Power Apps, allowing an unauthorized attacker to disclose information over a network. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Copilot Studio (affected versions not specified) **Description** The issue is related to insufficient validation of incoming requests, allowing an authenticated attacker to bypass Server-Side Request Forgery (SSRF) protection and potentially leak sensitive information over a network. This can be achieved through an SSRF attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CData Sync versions prior to 23.4.8843 **Description** A path traversal vulnerability exists in the Java version of CData Sync when running using the embedded Jetty server. This issue is related to errors in handling relative paths to directories. Exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to protected information and perform limited actions in the system by sending specially crafted HTTP requests. **Recommendations** For versions prior to 23.4.8843, update to version 23.4.8843 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CData API Server versions prior to 23.4.8844 **Description** A path traversal vulnerability exists in the Java version of CData API Server when running using the embedded Jetty server. This could allow an unauthenticated remote attacker to gain complete administrative access to the application. The issue is related to errors in handling relative path to directory due to the lack of session checking for endpoints. Exploitation of the vulnerability may allow a remote attacker to elevate privileges by sending specially crafted HTTP requests. Over 2,500 services are potentially affected. **Recommendations** For versions prior to 23.4.8844, update to version 23.4.8844 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server until a patch is applied. Avoid using the vulnerable CData API Server with the embedded Jetty server for sensitive applications until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CData Connect versions prior to 23.4.8846 **Description** A path traversal vulnerability exists in the Java version of CData Connect when running using the embedded Jetty server. This could allow an unauthenticated remote attacker to gain complete administrative access to the application by sending specially crafted HTTP requests, potentially allowing them to elevate their privileges. **Recommendations** For versions prior to 23.4.8846, update to version 23.4.8846 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** CData Arc versions prior to 23.4.8839 **Description** A path traversal vulnerability exists in the Java version of CData Arc when running using the embedded Jetty server. This could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions by sending specially crafted HTTP requests. The vulnerability is related to errors in handling relative path to directory. **Recommendations** For versions prior to 23.4.8839, update to version 23.4.8839 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server until a patch is available. Avoid using the vulnerable server for sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Telstra Smart Modem Gen 2 (Arcadyan LH1000) versions prior to 0.18.15r **Description** The `ping from` parameter of `ping tracerte.cgi` in the web UI was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. **Recommendations** For versions prior to 0.18.15r, update to firmware version 0.18.15r or later to resolve the issue. As a temporary workaround, consider restricting access to the `ping tracerte.cgi` endpoint until a patch is available. Avoid using the `ping from` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Telstra Smart Modem Gen 2 (Arcadyan LH1000) versions prior to 0.18.15r **Description** The issue allows unauthenticated attackers to upload firmware images and configuration backups, potentially leading to code execution as root. This could enable attackers to alter the firmware or configuration on the device. **Recommendations** For versions prior to 0.18.15r, update the firmware to version 0.18.15r or later to resolve the issue. As a temporary workaround, consider restricting access to the `fake upload.cgi` script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer AX21 versions prior to 1.1.4 Build 20230219 **Description** An unauthenticated attacker can execute arbitrary commands with root privileges on the web management interface via a command injection flaw. The issue exists because the `country` parameter in the write operation of the '/cgi-bin/luci;stok=/locale' endpoint is not sanitized before being processed by the `popen()` function. This flaw has been exploited by Chinese state-linked actors and various botnets, including Mirai, RondoDox, and Ballista. The Ballista botnet has compromised over 6,000 devices worldwide, specifically targeting sectors such as healthcare, manufacturing, and technology across countries including Brazil, Poland, Turkey, the UK, and the USA. Once compromised, the malware establishes an encrypted command-and-control channel to perform DDoS attacks, redirect users to phishing sites by changing DNS settings, and steal sensitive files. **Recommendations** Update to firmware version 1.1.4 Build 20230219 or later. As a temporary workaround, restrict access to the '/cgi-bin/luci;stok=/locale' endpoint or disable the web management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NETGEAR Nighthawk WiFi6 Router versions prior to V1.0.10.94 **Description** The issue is related to a buffer overflow vulnerability in the CGI mechanisms of the router's software. This vulnerability could allow an attacker to execute arbitrary code on the device. The vulnerability is associated with the lack of size checking for input data, which can be exploited by a remote attacker. **Recommendations** For versions prior to V1.0.10.94, update to version V1.0.10.94 or later to resolve the issue. As a temporary workaround, consider restricting access to the CGI mechanisms until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NETGEAR Nighthawk WiFi6 Router versions prior to V1.0.10.94 **Description** The issue is related to the file sharing mechanism in the NETGEAR Nighthawk WiFi6 Router, which allows users with access to this feature to access arbitrary files on the device. This is due to insufficient access control in the file sharing component of the router's software. Exploitation of this issue may allow a remote attacker to gain access to arbitrary files. **Recommendations** For versions prior to V1.0.10.94, update to version V1.0.10.94 or later to resolve the issue. As a temporary workaround, consider restricting access to the file sharing feature until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NETGEAR Nighthawk WiFi 6 Router versions prior to V1.0.10.94 **Description** The issue is related to the file sharing mechanism in the router's software, which incorrectly handles permissions. This can allow a remote attacker to execute arbitrary code on the device. The exploitation of this issue may enable unauthorized access and control. **Recommendations** For versions prior to V1.0.10.94, update the firmware to version V1.0.10.94 or later to resolve the issue. As a temporary workaround, consider restricting upload permissions for users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SCORM Engine versions prior to 20.1.45.914 SCORM Engine versions 21.1.x prior to 21.1.7.219 **Description** A reflected cross-site scripting (XSS) issue exists due to the lack of limitations on the domain or format of the url supplied by the user in the `playerConfUrl` parameter in the /defaultui/player/modern.html file. This allows an attacker to craft malicious urls that can trigger a reflected XSS payload in the context of a victim's browser. **Recommendations** For SCORM Engine versions prior to 20.1.45.914, update to version 20.1.45.914 or later. For SCORM Engine versions 21.1.x prior to 21.1.7.219, update to version 21.1.7.219 or later. As a temporary workaround, consider restricting access to the `playerConfUrl` parameter in the /defaultui/player/modern.html file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Access Manager Plus versions prior to 4302 Zoho ManageEngine Password Manager Pro versions prior to 12007 ManageEngine Privileged Access Manager 360 (PAM360) versions prior to 5401 **Description** The software solutions Zoho ManageEngine Access Manager Plus, Zoho ManageEngine Password Manager Pro, and ManageEngine Privileged Access Manager 360 (PAM360) are affected by an improper path restriction issue. This can allow a remote attacker to bypass security restrictions and gain unauthorized access to protected information. The issue relates to access control bypass on several Rest API URLs, including those for `SSOutAction`, `SSLAction`, `LicenseMgr`, `GetProductDetails`, `GetDashboard`, `FetchEvents`, and `Synchronize`, through the use of the '../RestAPI' substring. **Recommendations** Zoho ManageEngine Access Manager Plus versions prior to 4302 should be updated. Zoho ManageEngine Password Manager Pro versions prior to 12007 should be updated. ManageEngine Privileged Access Manager 360 (PAM360) versions prior to 5401 should be updated.

**Name of the Vulnerable Software and Affected Versions** Netgear RAX43 version 1.0.3.96 **Description** The issue is caused by a buffer overrun vulnerability in the URL parsing functionality of the cgi-bin endpoint. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information by potentially redirecting the control flow of the application. **Recommendations** For Netgear RAX43 version 1.0.3.96, consider restricting access to the cgi-bin endpoint until a patch is available. As a temporary workaround, avoid using the vulnerable URL parsing functionality in the cgi-bin endpoint to minimize the risk of exploitation.