Iok-Jin Sih

**Name of the Vulnerable Software and Affected Versions** Wade Graphic Design FANTSY (affected versions not specified) **Description** The issue is related to insufficient filtering for file type in the file update function. An authenticated remote attacker with general user privilege can exploit this to upload a PHP file containing a webshell, allowing for arbitrary system operation or service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Atop Technology industrial 3G/4G gateway (affected versions not specified) **Description** The issue is related to a Command Injection vulnerability. It occurs due to insufficient input validation in the device's web management interface, allowing attackers to inject specific code and execute system commands without privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.