Izxnfirh8148

**Name of the Vulnerable Software and Affected Versions** Tenda AC18 version V15.03.05.05 multi **Description** A command injection issue exists in the '/goform/SetSambaCfg' interface. Improper handling of the `guestuser` parameter allows attackers to execute arbitrary system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/SetSambaCfg' interface or avoid using the `guestuser` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Mercury MIPC252W version 1.0.5 Build 230306 Rel.79931n **Description** A handling issue in the RTSP (Real Time Streaming Protocol) service allows an authenticated attacker to trigger session termination. By repeatedly sending SETUP requests for the same media track within a single RTSP session, the server resets the connection, resulting in a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.