Hugo Van Den Toorn

**Name of the Vulnerable Software and Affected Versions** Pyrescom Termod4 versions prior to 10.04k **Description** The issue allows authenticated remote attackers to execute arbitrary commands as root on the devices, which can lead to remote code execution. **Recommendations** For versions prior to 10.04k, update to version 10.04k or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pyrescom Termod4 versions prior to 10.04k **Description** The issue allows authenticated remote attackers to traverse directories and read sensitive files. This is achieved by manipulating the file-path in the URL via the Maintenance > Logs menu. **Recommendations** For versions prior to 10.04k, update to version 10.04k or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pyrescom Termod4 versions prior to 10.04k **Description** The issue concerns sensitive information disclosure and weak encryption, allowing remote attackers to read a session-file and obtain plain-text user credentials. **Recommendations** For versions prior to 10.04k, update to version 10.04k or later to resolve the issue.