Fady Oueslati

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an exposed user and password database due to an unprotected web server resource. The passwords are hashed using a weak hashing algorithm, making them susceptible to attacks using rainbow tables, which could allow an attacker to determine the password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to potentially execute scripts on a client's computer by sending a manipulated URL, exploiting a reflected XSS weakness in the web server. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The login routine of the system allows clients to log in using the hash of the password instead of the password itself. This issue can be combined with another security concern to allow an attacker to subsequently log in to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue involves information disclosure where the main configuration, including users and their hashed passwords, is exposed through an unprotected web server resource. This exposure allows access to sensitive information without requiring authentication. Furthermore, device details such as the serial number and firmware version are also exposed due to another unprotected web server resource. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.