Faiyazahmad

**Name of the Vulnerable Software and Affected Versions** SMI SMI-EX-5414W versions up to 1.0.03 **Description** A vulnerability was found in the Web Interface component of the affected software, leading to cross-site request forgery. The manipulation can be initiated remotely. **Recommendations** For SMI SMI-EX-5414W versions up to 1.0.03, update to a patched version and review web application security controls to prevent future cross-site request forgery attacks. As a temporary workaround, consider restricting access to the Web Interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CP Plus Wi-Fi Camera versions up to 20240401 **Description** A critical issue was found in the User Management component, leading to improper authorization. The manipulation can be launched remotely. The issue affects an unknown functionality of this component. **Recommendations** For CP Plus Wi-Fi Camera versions up to 20240401, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Uniway Router version 2.0 **Description** A critical vulnerability was found in the Administrative Web Interface component of the Uniway Router. The issue leads to reliance on IP address for authentication, allowing for remote attacks. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Uniway Router version 2.0, consider restricting access to the Administrative Web Interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the reliance on IP address for authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uniway Router versions up to 2.0 **Description** A critical issue affects some unknown functionality of the file /boaform/device reset.cgi of the component Device Reset Handler, leading to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Uniway Router versions up to 2.0, as a temporary workaround, consider disabling access to the /boaform/device reset.cgi file until a patch is available. Restrict access to the Device Reset Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uniway UW-302VP version 2.0 **Description** A vulnerability was found in the Admin Web Interface of Uniway UW-302VP, affecting the processing of the file /boaform/wlan basic set.cgi. The manipulation of the `wlanssid/password` argument leads to cross-site request forgery. The attack may be initiated remotely. **Recommendations** For Uniway UW-302VP version 2.0, as a temporary workaround, consider restricting access to the /boaform/wlan basic set.cgi file until a patch is available. Avoid using the `wlanssid/password` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.