H00Die

**Name of the Vulnerable Software and Affected Versions** Netcore and Netis routers (affected versions not specified) **Description** A remote code execution issue exists due to an undocumented backdoor listener on UDP port 53413. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. The backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Remote Mouse Server by Emote Interactive version 4.110 **Description** The issue arises due to the product's reliance on a trivial substitution cipher sent in cleartext and its use of a default password when no password is set by the user. This allows attackers to inject OS commands over the product's custom control protocol. **Recommendations** Remote Mouse Server by Emote Interactive version 4.110: Update the software to a version that does not rely on trivial substitution ciphers and default passwords, or set a strong custom password to mitigate the risk. As a temporary workaround, consider restricting access to the custom control protocol until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unified Remote (affected versions not specified) **Description** The web management interface for Unified Intents' Unified Remote solution does not require authentication, allowing a remote, unauthenticated attacker to change or disable authentication requirements for the Unified Remote protocol. This can be leveraged to run code of the attacker's choosing. The issue is related to an incorrect authorization procedure in the web management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VICIdial versions prior to 3555 **Description** The issue is related to a SQL Injection vulnerability in the admin interface of VICIdial, specifically affecting the `/vicidial/admin.php` endpoint through the `modify email accounts`, `access recordings`, and `agentcall email` parameters. This allows an attacker to spoof identity, tamper with existing data, disclose all data on the system, destroy data, or become administrators of the database server. **Recommendations** For VICIdial versions prior to 3555, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `/vicidial/admin.php` endpoint and limiting the use of the `modify email accounts`, `access recordings`, and `agentcall email` parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VICIdial (affected versions not specified) **Description** The issue allows an attacker to spoof identity, tamper with existing data, disclose all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server via a SQL Injection vulnerability in the User Stats interface. The vulnerability is exploited through the `file download` parameter in the `/vicidial/user stats.php` API endpoint. **Recommendations** As a temporary workaround, consider disabling the `/vicidial/user stats.php` API endpoint until a patch is available. Restrict access to the `file download` parameter in the User Stats interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VICIdial versions 2.14b0.5 prior to 3555 **Description** The issue is related to a SQL Injection vulnerability in the AST Agent Time Sheet interface of VICIdial, specifically in the `/vicidial/AST agent time sheet.php` endpoint, via the `agent` parameter. This allows an attacker to spoof identity, tamper with existing data, disclose all data on the system, destroy data, or make it unavailable, and potentially become administrators of the database server. **Recommendations** For VICIdial versions 2.14b0.5 prior to 3555, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the `/vicidial/AST agent time sheet.php` endpoint or limiting the use of the `agent` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Unitrends Backup versions prior to 10.1.0 **Description** The issue allows an unauthenticated user to bypass authentication and inject arbitrary commands into the `parameters` using backquotes in the "/api/hosts" API endpoint. **Recommendations** For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Unitrends Backup versions prior to 10.1.0 **Description** A security issue was found where the authentication in libbpext.so could be bypassed using a SQL injection, allowing a remote attacker to potentially place a privilege escalation exploit on the system and execute arbitrary commands. **Recommendations** For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Unitrends Backup versions prior to 10.0.0 **Description** The issue is related to the `api/storage` web interface, where an input parameter was not validated, allowing a remote attacker to bypass authentication and execute arbitrary commands with root privilege on the target system. This flaw is associated with deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass authentication or execute arbitrary commands with root privileges. **Recommendations** For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `api/storage` web interface to minimize the risk of exploitation. Avoid using unvalidated input parameters in the `api/storage` interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Allwinner 3.4 legacy kernel for H3, A83T and H8 devices **Description** The issue allows local users to gain root privileges. This is achieved by sending "rootmydevice" to the /proc/sunxi debug/sunxi debug API endpoint. **Recommendations** For Allwinner 3.4 legacy kernel for H3, A83T and H8 devices, consider restricting access to the /proc/sunxi debug/sunxi debug endpoint to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** dnaLIMS version 4-2015s13 **Description** An issue was discovered in dnaLIMS, where it is vulnerable to session hijacking by guessing the `UID` parameter. **Recommendations** For dnaLIMS version 4-2015s13, consider implementing additional security measures to protect against session hijacking, such as restricting access to sensitive areas of the application or using more secure session management practices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dnaLIMS version 4-2015s13 **Description** An issue was discovered in dnaLIMS where it stores passwords in plaintext. The passwords are stored in the /home/dna/spool/.pfile file. **Recommendations** For version 4-2015s13, consider encrypting the passwords stored in the .pfile file to prevent unauthorized access. As a temporary workaround, restrict access to the /home/dna/spool/.pfile file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dnaLIMS version 4-2015s13 **Description** An issue was discovered in dnaLIMS, allowing an unauthenticated attacker to access system files readable by the web server user through a NUL-terminated directory traversal attack. This is achieved by exploiting the `seqID` parameter in the "viewAppletFsa.cgi" endpoint. **Recommendations** For dnaLIMS version 4-2015s13, consider restricting access to the "viewAppletFsa.cgi" endpoint to prevent exploitation. Additionally, avoid using the `seqID` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dnaLIMS version 4-2015s13 **Description** The issue concerns an improperly protected administrative web shell, allowing unauthenticated command execution. This can be exploited through `cgi-bin/dna/sysAdmin.cgi` using specially crafted POST requests, enabling a remote attacker to execute arbitrary commands. The vulnerability is related to the lack of input data sanitization measures in the administrative web shell of the dnaLIMS software. **Recommendations** For dnaLIMS version 4-2015s13, consider disabling access to the `cgi-bin/dna/sysAdmin.cgi` endpoint until a patch is available to prevent exploitation. Restricting access to this administrative web shell can help minimize the risk of command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Addonics NAS Adapter NASU2FW41 with loader 1.17 **Description** The issue is related to multiple buffer overflows in the FTP server, which can be exploited by remote attackers to cause a denial of service, specifically a TCP/IP outage. This can be achieved by sending long arguments to certain commands, including the `XRMD`, `delete`, `RNFR`, or `RNTO` command. **Recommendations** For Addonics NAS Adapter NASU2FW41 with loader 1.17, consider restricting access to the FTP server until a fix is available. As a temporary workaround, limit the length of arguments that can be passed to the `XRMD`, `delete`, `RNFR`, or `RNTO` commands to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.