Exluck

**Name of the Vulnerable Software and Affected Versions** File Station 5 versions prior to 5.5.6.4741 **Description** A vulnerability has been reported that affects files or directories accessible to external parties. If exploited, it could allow remote attackers to read or write files or directories. **Recommendations** For versions prior to 5.5.6.4741, update to version 5.5.6.4741 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Satera MF656Cdw/Satera MF654Cdw versions v05.04 and earlier Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw versions v05.04 and earlier i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw versions v05.04 and earlier **Description** A buffer overflow issue exists in the CPCA font download processing of certain Small Office Multifunction Printers and Laser Printers. This may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. **Recommendations** Satera MF656Cdw/Satera MF654Cdw versions v05.04 and earlier: Update the firmware to a version later than v05.04. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw versions v05.04 and earlier: Update the firmware to a version later than v05.04. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw versions v05.04 and earlier: Update the firmware to a version later than v05.04.

**Name of the Vulnerable Software and Affected Versions** Color imageCLASS MF656Cdw versions v05.04 and earlier Color imageCLASS MF654Cdw versions v05.04 and earlier Color imageCLASS MF653Cdw versions v05.04 and earlier Color imageCLASS MF652Cdw versions v05.04 and earlier Color imageCLASS LBP633Cdw versions v05.04 and earlier Color imageCLASS LBP632Cdw versions v05.04 and earlier i-SENSYS MF657Cdw versions v05.04 and earlier i-SENSYS MF655Cdw versions v05.04 and earlier i-SENSYS MF651Cdw versions v05.04 and earlier i-SENSYS LBP633Cdw versions v05.04 and earlier i-SENSYS LBP631Cdw versions v05.04 and earlier Satera MF656Cdw versions v05.04 and earlier Satera MF654Cdw versions v05.04 and earlier **Description** A buffer overflow issue in XPS data font processing may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. **Recommendations** For Color imageCLASS MF656Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Color imageCLASS MF654Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Color imageCLASS MF653Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Color imageCLASS MF652Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Color imageCLASS LBP633Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Color imageCLASS LBP632Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For i-SENSYS MF657Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For i-SENSYS MF655Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For i-SENSYS MF651Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For i-SENSYS LBP633Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For i-SENSYS LBP631Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Satera MF656Cdw version v05.04 and earlier, update the firmware to a version later than v05.04. For Satera MF654Cdw version v05.04 and earlier, update the firmware to a version later than v05.04.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.9.2954 build 20241120 QTS versions prior to 5.2.2.2950 build 20241114 QuTS hero versions prior to h5.1.9.2954 build 20241120 QuTS hero versions prior to h5.2.2.2952 build 20241116 **Description** An improper neutralization of CRLF sequences, also known as 'CRLF Injection', has been reported to affect several QNAP operating system versions. If exploited, the issue could allow remote attackers to modify application data. **Recommendations** For QTS versions prior to 5.1.9.2954 build 20241120, update to QTS 5.1.9.2954 build 20241120 or later. For QTS versions prior to 5.2.2.2950 build 20241114, update to QTS 5.2.2.2950 build 20241114 or later. For QuTS hero versions prior to h5.1.9.2954 build 20241120, update to QuTS hero h5.1.9.2954 build 20241120 or later. For QuTS hero versions prior to h5.2.2.2952 build 20241116, update to QuTS hero h5.2.2.2952 build 20241116 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120 QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116 **Description** An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. **Recommendations** For QNAP QTS versions prior to 5.1.9.2954 build 20241120, update to QTS 5.1.9.2954 build 20241120 or later. For QNAP QTS versions prior to 5.2.2.2950 build 20241114, update to QTS 5.2.2.2950 build 20241114 or later. For QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120, update to QuTS hero h5.1.9.2954 build 20241120 or later. For QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116, update to QuTS hero h5.2.2.2952 build 20241116 or later.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR940N version 3.20.1(US) **Description** This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm, specifically within the `httpd` service. An attacker can leverage this to disclose stored credentials, leading to further compromise. **Recommendations** For TP-Link TL-WR940N version 3.20.1(US), as a temporary workaround, consider restricting access to the `httpd` service until a patch is available. Additionally, avoid using the default TCP port 80 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR940N version 3.20.1(US) **Description** This issue allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequence numbers used for session management. An attacker can leverage this issue to bypass authentication on the system. **Recommendations** For TP-Link TL-WR940N version 3.20.1(US), consider disabling the httpd service until a patch is available to prevent exploitation. Restrict access to TCP port 80 to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this issue.