Gr3Gpr1Est

**Name of the Vulnerable Software and Affected Versions** Rukovoditel Project Management app version 2.6 **Description** The issue allows an attacker to add JavaScript code to the filename, potentially leading to Cross Site Scripting (XSS) attacks. **Recommendations** For version 2.6, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider validating and sanitizing all filenames to prevent the injection of malicious JavaScript code.

**Name of the Vulnerable Software and Affected Versions** Sagemcom F@ST3686 version 1.0 HUN 3.97.0 **Description** The issue is related to a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices worldwide is not available. Technical details about exploitation include API endpoints such as "RgDiagnostics.asp", "RgDdns.asp", "RgFirewallEL.asp", "RgVpnL2tpPptp.asp". **Recommendations** For Sagemcom F@ST3686 version 1.0 HUN 3.97.0, consider restricting access to the affected API endpoints "RgDiagnostics.asp", "RgDdns.asp", "RgFirewallEL.asp", "RgVpnL2tpPptp.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda N301 wireless routers (affected versions not specified) **Description** The issue allows attackers to trigger a device crash by setting a zero wanMTU value in the goform/setSysTools endpoint. Although the GUI enforces a prohibition on this zero value, it is not properly enforced, making the device vulnerable to crashes. **Recommendations** For Tenda N301 wireless routers, avoid using a zero value for the `wanMTU` variable in the "goform/setSysTools" endpoint to prevent device crashes. As a temporary workaround, consider restricting access to the goform/setSysTools endpoint until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.