Hadess

**Name of the Vulnerable Software and Affected Versions** FriendlyWrt version 2022-11-16.51b3d35 **Description** A cryptographic key vulnerability is encoded in the FriendlyWrt firmware, which could allow an attacker to compromise the confidentiality and integrity of encrypted data. **Recommendations** For version 2022-11-16.51b3d35, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Korenix JetI/O 6550 version F208 Build:0817 **Description** The issue concerns an information exposure vulnerability. It is related to the SNMP protocol, which transfers data in plaintext. This allows an attacker to intercept traffic and retrieve credentials. **Recommendations** For Korenix JetI/O 6550 version F208 Build:0817, consider disabling the SNMP protocol until a patch is available to prevent information exposure. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WIC1200 version 1.1 **Description** A Cross-site scripting (XSS) vulnerability has been found, allowing an authenticated user to store a malicious javascript payload in the `device model` parameter via "/setup/diags ir learn.asp". This enables the attacker to retrieve the session details of another user. **Recommendations** For version 1.1, consider disabling access to the "/setup/diags ir learn.asp" endpoint until a patch is available. Restrict the ability to store data in the `device model` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WIC1200 version 1.1 **Description** A Cross-Site Request Forgery (CSRF) vulnerability has been found, allowing an authenticated user to lead another user into executing unwanted actions inside the application they are logged in. This is due to the lack of proper CSRF token implementation. **Recommendations** For version 1.1, consider implementing a proper CSRF token to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive features within the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WIC200 version 1.1 **Description** A Weak Cryptography for Passwords issue has been detected, allowing a remote user to intercept traffic and retrieve credentials from another user. The credentials can be decoded from base64, enabling the attacker to view them in plain text. **Recommendations** For version 1.1, consider updating the cryptography mechanism to a more secure standard to prevent interception and decoding of credentials. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation.