James A. Chambers

**Name of the Vulnerable Software and Affected Versions** JasMiner-X4-Server versions 20220621-090907 and below **Description** The Eclipse TCF debug interface is open on port 1534, allowing unauthenticated attackers to gain root privileges on the affected device, access sensitive data, or execute arbitrary commands. **Recommendations** For JasMiner-X4-Server versions 20220621-090907 and below, consider disabling the Eclipse TCF debug interface on port 1534 as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InnoSilicon A10 version a10 20200924 120556 **Description** A remote code execution issue was found in the `setPlatformAPI` function, allowing for potential exploitation. **Recommendations** For InnoSilicon A10 version a10 20200924 120556, as a temporary workaround, consider disabling the `setPlatformAPI` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InnoSilicon T3T+ version t2t+ soc 20190911 151433.swu **Description** A remote code execution issue was found in the `checkUrl` function, allowing for potential exploitation. **Recommendations** For version t2t+ soc 20190911 151433.swu, as a temporary workaround, consider disabling the `checkUrl` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Canaan Avalon ASIC Miner versions 2020.3.30 and below **Description** The issue is related to an access control problem, allowing unauthenticated attackers to change user passwords using a crafted POST request. **Recommendations** For Canaan Avalon ASIC Miner versions 2020.3.30 and below, update to a version above 2020.3.30 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Goldshell ASIC Miners versions 2.2.1 and below **Description** The issue allows unauthenticated attackers to retrieve arbitrary files from the device due to a path traversal vulnerability. **Recommendations** For Goldshell ASIC Miners versions 2.2.1 and below, update to a version above 2.2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Goldshell ASIC Miners versions 2.2.1 and below **Description** The debug interface of Goldshell ASIC Miners was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. **Recommendations** For Goldshell ASIC Miners versions 2.2.1 and below, update to a version above 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the debug interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Goldshell ASIC Miners versions 2.1.x **Description** The issue concerns hardcoded credentials in the software, allowing attackers to remotely connect via the SSH protocol on port 22. **Recommendations** For Goldshell ASIC Miners versions 2.1.x, consider changing the default credentials and restricting access to the SSH protocol as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.