Hiky8

**Name of the Vulnerable Software and Affected Versions** ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System version 1.8 **Description** The web management interface lacks Cross-Site Request Forgery (CSRF) protection mechanisms, specifically missing tokens and Origin/Referer validation, on critical configuration endpoints. This could allow an attacker to perform unauthorized actions on behalf of an authenticated user. **Recommendations** Apply updates to address the missing CSRF protection mechanisms on critical configuration endpoints in version 1.8.

**Name of the Vulnerable Software and Affected Versions** DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 **Description** An issue exists in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 related to access control. An unauthenticated attacker can access an administrative endpoint. The affected endpoint is an administrative endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** narda miteq Uplink Power Control Unit UPC2 version 1.17 **Description** A Cross-Site Request Forgery (CSRF) issue exists in the narda miteq Uplink Power Control Unit UPC2 version 1.17. A remote attacker can potentially execute arbitrary code through the web-based management interface. The following API endpoints are affected: `/system setup.htm`, `/set clock.htm`, `/receiver setup.htm`, `/cal.htm?…`, and `/channel setup.htm`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dasan Switch DS2924 versions 1.01.18 and 1.02.00 **Description** An authentication bypass exists in the web based interface of Dasan Switch DS2924. Successful exploitation allows attackers to gain escalated privileges by storing specially crafted cookies in the web browser. **Recommendations** Update firmware to a version that addresses this issue. As a temporary workaround, clear browser cookies after each use of the web interface.

Name of the Vulnerable Software and Affected Versions: ENENSYS IPGuard v2 version 2.10.0 Description: The issue concerns hardcoded credentials in the software. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: For ENENSYS IPGuard v2 version 2.10.0, consider changing the hardcoded credentials to unique, secure credentials as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.