F0Xf0X

**Name of the Vulnerable Software and Affected Versions** FUXA versions <= 1.1.12 **Description** A SQL Injection attack allows exfiltration of confidential information from the database. **Recommendations** For FUXA versions <= 1.1.12, update to a version greater than 1.1.12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FUXA versions 1.1.12 and earlier **Description** The issue allows for Local File Inclusion via the "/api/download" API endpoint. This could potentially be exploited to access sensitive files on the system. **Recommendations** For versions 1.1.12 and earlier, as a temporary workaround, consider restricting access to the "/api/download" API endpoint until a patch is available. Avoid using the `/api/download` endpoint in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-846 version 100A53DBR-Retail **Description** The issue is related to the lack of protection of the web page structure when handling the QoS POST parameter, allowing a remote attacker to execute arbitrary code. This can be achieved through an unspecified manipulation of the QoS POST parameter. **Recommendations** For version 100A53DBR-Retail, update the firmware to a version that fixes this issue. As a temporary workaround, consider restricting access to the QoS parameter in the web interface until a patch is available.