Howard Mcgreehan

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** A missing authentication for a critical function in the Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally, which can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Local Security Authority Subsystem Service (affected versions not specified) **Description** An issue exists that allows attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Local Security Authority Subsystem Service (LSASS) (affected versions not specified) **Description** A null pointer dereference in the Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to cause a denial of service over a network. A null pointer dereference occurs when a program attempts to read or write to a memory location using a pointer that is null, typically leading to a system crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** A missing authentication for a critical function in the Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally, which can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** A use after free condition exists in the Windows Local Security Authority Subsystem Service (LSASS). This allows an authorized attacker to execute code over a network. Remote attackers can execute arbitrary code and affect the system. The vulnerability involves the use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Windows versions (affected versions not specified) Description A flaw in Windows HTTP.sys related to improper access control can allow an authorized attacker to elevate privileges over a network. This issue can be exploited remotely. The vulnerability enables Kerberos authentication relay to Active Directory Certificate Services (AD CS) via DNS CNAME abuse, bypassing NTLM protections. A proof-of-concept (PoC) has been released demonstrating how attackers can manipulate DNS CNAME resolution to coerce Windows clients into requesting Kerberos tickets for attacker-controlled Service Principal Names (SPNs), enabling credential relay and lateral movement. This poses a risk to Active Directory networks, even when NTLM is disabled. Mitigation means removing relay opportunities at the service layer. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Download Master (affected versions not specified) **Description** The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this issue to execute arbitrary system commands on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Download Master (affected versions not specified) **Description** The issue concerns a parameter in a certain page of ASUS Download Master that is not properly filtered for user input. This allows a remote attacker with administrative privilege to insert JavaScript code into the parameter, potentially leading to Reflected Cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Download Master (affected versions not specified) **Description** The issue arises from a parameter in a certain page of ASUS Download Master that is not properly filtered for user input. This allows a remote attacker with administrative privilege to insert JavaScript code into the parameter, facilitating Stored Cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Download Master (affected versions not specified) **Description** The upload functionality does not properly filter user input, allowing remote attackers with administrative privilege to upload any file to any location. This can include uploading malicious web page files to the website directory, enabling the execution of arbitrary system commands when the webpage is browsed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Download Master (affected versions not specified) **Description** The issue is a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this to execute arbitrary system commands on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX88U (affected versions not specified) **Description** The issue is related to a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory addresses and perform remote arbitrary code execution, arbitrary system operations, or disrupt service. This vulnerability is associated with the use of uncontrolled format strings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX88U (affected versions not specified) **Description** The issue is related to insufficient filtering for special characters in the HTTP header parameter, allowing a remote attacker with general user privilege to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sharp NEC Displays versions UN462A R1.300 and prior to it Sharp NEC Displays versions UN462VA R1.300 and prior to it Sharp NEC Displays versions UN492S R1.300 and prior to it Sharp NEC Displays versions UN492VS R1.300 and prior to it Sharp NEC Displays versions UN552A R1.300 and prior to it Sharp NEC Displays versions UN552S R1.300 and prior to it Sharp NEC Displays versions UN552VS R1.300 and prior to it Sharp NEC Displays versions UN552 R1.300 and prior to it Sharp NEC Displays versions UN552V R1.300 and prior to it Sharp NEC Displays versions UX552S R1.300 and prior to it Sharp NEC Displays versions UX552 R1.300 and prior to it Sharp NEC Displays versions V864Q R2.000 and prior to it Sharp NEC Displays versions C861Q R2.000 and prior to it Sharp NEC Displays versions P754Q R2.000 and prior to it Sharp NEC Displays versions V754Q R2.000 and prior to it Sharp NEC Displays versions C751Q R2.000 and prior to it Sharp NEC Displays versions V984Q R2.000 and prior to it Sharp NEC Displays versions C981Q R2.000 and prior to it Sharp NEC Displays versions P654Q R2.000 and prior to it Sharp NEC Displays versions V654Q R2.000 and prior to it Sharp NEC Displays versions C651Q R2.000 and prior to it Sharp NEC Displays versions V554Q R2.000 and prior to it Sharp NEC Displays versions P404 R3.200 and prior to it Sharp NEC Displays versions P484 R3.200 and prior to it Sharp NEC Displays versions P554 R3.200 and prior to it Sharp NEC Displays versions V404 R3.200 and prior to it Sharp NEC Displays versions V484 R3.200 and prior to it Sharp NEC Displays versions V554 R3.200 and prior to it Sharp NEC Displays versions V404-T R3.200 and prior to it Sharp NEC Displays versions V484-T R3.200 and prior to it Sharp NEC Displays versions V554-T R3.200 and prior to it Sharp NEC Displays versions C501 R2.000 and prior to it Sharp NEC Displays versions C551 R2.000 and prior to it Sharp NEC Displays versions C431 R2.000 and prior to it Description: The issue allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in an http request. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sharp NEC Displays versions UN462A R1.300 and prior to it Sharp NEC Displays versions UN462VA R1.300 and prior to it Sharp NEC Displays versions UN492S R1.300 and prior to it Sharp NEC Displays versions UN492VS R1.300 and prior to it Sharp NEC Displays versions UN552A R1.300 and prior to it Sharp NEC Displays versions UN552S R1.300 and prior to it Sharp NEC Displays versions UN552VS R1.300 and prior to it Sharp NEC Displays versions UN552 R1.300 and prior to it Sharp NEC Displays versions UN552V R1.300 and prior to it Sharp NEC Displays versions UX552S R1.300 and prior to it Sharp NEC Displays versions UX552 R1.300 and prior to it Sharp NEC Displays versions V864Q R2.000 and prior to it Sharp NEC Displays versions C861Q R2.000 and prior to it Sharp NEC Displays versions P754Q R2.000 and prior to it Sharp NEC Displays versions V754Q R2.000 and prior to it Sharp NEC Displays versions C751Q R2.000 and prior to it Sharp NEC Displays versions V984Q R2.000 and prior to it Sharp NEC Displays versions C981Q R2.000 and prior to it Sharp NEC Displays versions P654Q R2.000 and prior to it Sharp NEC Displays versions V654Q R2.000 and prior to it Sharp NEC Displays versions C651Q R2.000 and prior to it Sharp NEC Displays versions V554Q R2.000 and prior to it Sharp NEC Displays versions P404 R3.200 and prior to it Sharp NEC Displays versions P484 R3.200 and prior to it Sharp NEC Displays versions P554 R3.200 and prior to it Sharp NEC Displays versions V404 R3.200 and prior to it Sharp NEC Displays versions V484 R3.200 and prior to it Sharp NEC Displays versions V554 R3.200 and prior to it Sharp NEC Displays versions V404-T R3.200 and prior to it Sharp NEC Displays versions V484-T R3.200 and prior to it Sharp NEC Displays versions V554-T R3.200 and prior to it Sharp NEC Displays versions C501 R2.000 and prior to it Sharp NEC Displays versions C551 R2.000 and prior to it Sharp NEC Displays versions C431 R2.000 and prior to it Description: The issue allows an attacker to execute remote code by sending long parameters that contain specific characters in an http request, resulting in a buffer overflow. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.