Harold Zang

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55 Description: An issue was discovered where the One Touch application discloses sensitive information. This includes the hashed admin login password and the Internet provider connection username and cleartext password. The sensitive information is disclosed in the application's response body for a "/tmp/var/passwd" or "/tmp/home/wan stat" URI. Recommendations: For versions prior to AU 2.31 V1.1.47ae55, update the firmware to AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/tmp/var/passwd" and "/tmp/home/wan stat" URIs until a patch is available. Avoid using the One Touch application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2888A devices with firmware prior to AU 2.31 V1.1.47ae55 **Description** An issue was discovered that allows a malicious network user to access system folders and download sensitive files, such as the password hash file, due to a misconfigured FTP service. **Recommendations** For D-Link DSL-2888A devices with firmware prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider disabling the FTP service until a patch is available. Restrict access to system folders to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55 **Description** An issue was discovered that allows an unauthenticated attacker to bypass authentication and access authenticated pages and functionality. This is related to weaknesses in the authentication procedure. The exploitation of this issue may allow a remote attacker to elevate their privileges. **Recommendations** For versions prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to authenticated pages and functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55 **Description** The issue is related to a lack of authentication functionality, allowing an attacker to assign a static IP address that was once used by a valid user. This can potentially lead to IP spoofing attacks. The vulnerability can be exploited remotely. **Recommendations** For D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55, update the firmware to AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to the static IP address assignment feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55 **Description** The issue is related to the execute cmd.cgi feature, which allows an authenticated user to execute Operating System commands. This feature is not reachable via the web user interface. The vulnerability is due to the lack of measures to neutralize special elements used in the Operating System command, which can be exploited by a remote attacker to execute arbitrary commands. **Recommendations** For D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to the execute cmd.cgi feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Hospitality OPERA 5 version 5.5 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of Oracle Hospitality OPERA 5's accessible data, as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5's accessible data. **Recommendations** For Oracle Hospitality OPERA 5 version 5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Hospitality OPERA 5 versions 5.5 and 5.6 **Description** The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5, resulting in unauthorized access to critical data or complete access to all accessible data. Successful attacks require human interaction from a person other than the attacker and can be easily exploited. **Recommendations** For versions 5.5 and 5.6, update to a version that includes a fix for this issue to prevent unauthorized access to critical data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Hospitality Opera 5 version 5.5 **Description** The issue is related to inadequate access control in the Oracle Hospitality Opera 5 product, allowing a remote attacker to gain unauthorized access to protected information or modify, add, or delete data using the HTTP protocol. This can result in unauthorized access to critical data or complete access to all accessible data, as well as unauthorized update, insert, or delete access to some accessible data. **Recommendations** For Oracle Hospitality Opera 5 version 5.5, update the software to a version that addresses the inadequate access control issue. As a temporary workaround, consider restricting access to the login component to minimize the risk of exploitation. Avoid using the HTTP protocol for sensitive operations until the issue is resolved.