Gem George

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02 through 2.06) **Description** The issue allows attackers to bypass the SharePort Web Access Portal. This can be achieved by directly visiting "category view.php" or "folder view.php" API endpoints. **Recommendations** For Firmware Version 1.02 through 2.06, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "category view.php" and "folder view.php" API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** UTStar WA3002G4 ADSL Broadband Modem version WA3002G4-0021.01 **Description** The issue allows attackers to bypass authentication and directly access administrative settings. Attackers can obtain cleartext credentials from the HTML source of various CGI files, including "info.cgi", "upload.cgi", "backupsettings.cgi", "pppoe.cgi", "resetrouter.cgi", and "password.cgi". **Recommendations** For UTStar WA3002G4 ADSL Broadband Modem version WA3002G4-0021.01, consider restricting access to the mentioned CGI files, such as "info.cgi", "upload.cgi", "backupsettings.cgi", "pppoe.cgi", "resetrouter.cgi", and "password.cgi", until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2 **Description** The issue allows attackers to bypass authentication and access administrative router settings by crafting URLs with a .cgi extension, such as "/info.cgi" and "/password.cgi". **Recommendations** For iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2, consider restricting access to .cgi endpoints, such as "/info.cgi" and "/password.cgi", until a patch is available.