Guilherme Rubert

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR740N version 4 TP-Link TL-WR740ND version 4 **Description** The issue allows an attacker with access to the admin panel to inject HTML code, altering the HTML context of target pages and stations in access-control settings. This can be achieved via `targets lists name` or `hosts lists name`. Additionally, the issue can be exploited through a CSRF, which does not require administrator authentication. **Recommendations** For TP-Link TL-WR740N version 4, consider restricting access to the admin panel to prevent unauthorized changes. For TP-Link TL-WR740ND version 4, avoid using the `targets lists name` and `hosts lists name` parameters in the access-control settings until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Octech Oempro versions 4.7 through 4.11 **Description** The issue allows stored XSS by an authenticated user. The `FolderName` parameter of the `Media.CreateFolder` command is vulnerable. **Recommendations** For versions 4.7 through 4.11, consider restricting access to the `Media.CreateFolder` command until a fix is available, and avoid using the `FolderName` parameter in this command to minimize the risk of exploitation.