Jannis Kirschner

**Name of the Vulnerable Software and Affected Versions** Scytl sVote version 2.1 **Description** An issue was discovered where the sdm-ws-rest API does not require authentication, allowing an attacker to retrieve the administrative configuration by sending a POST request to the "/sdm-ws-rest/preconfiguration" API endpoint. **Recommendations** For Scytl sVote version 2.1, consider restricting access to the "/sdm-ws-rest/preconfiguration" API endpoint until a patch is available, and ensure proper authentication mechanisms are implemented for the sdm-ws-rest API.

**Name of the Vulnerable Software and Affected Versions** Scytl sVote version 2.1 **Description** An issue was discovered due to the implementation of the database manager, allowing an attacker to access the OrientDB by providing `admin` as the admin password. A different password cannot be set because of the implementation in code. **Recommendations** For Scytl sVote version 2.1, consider changing the default admin password to a unique and strong password as soon as possible. However, since the code implementation does not allow setting a different password, as a temporary workaround, restrict access to the OrientDB to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scytl sVote version 2.1 **Description** An issue was discovered in Scytl sVote where an attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias. This is possible because the application calls `Runtime.getRuntime().exec()` without validation, allowing for code injection. **Recommendations** For Scytl sVote version 2.1, consider disabling the functionality that allows creating election-events and injecting payloads over event aliases until a patch is available. Restrict access to the `Runtime.getRuntime().exec()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scytl sVote version 2.1 **Description** An issue was discovered in Scytl sVote where the IP address from an X-Forwarded-For header, which can be manipulated client-side, is used for the internal application logs. This allows an attacker to inject wrong IP addresses into these logs. **Recommendations** For Scytl sVote version 2.1, consider validating the IP address from the X-Forwarded-For header to prevent manipulation, or use an alternative method for logging IP addresses that is not susceptible to client-side manipulation. As a temporary workaround, restrict access to the internal application logs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2020 version 1.01rc001 **Description** The issue is related to the implementation of the WEB CmdFileList() function in the D-Link DAP-2020 Wi-Fi access point's firmware, which fails to neutralize special elements used in operating system commands when processing CGI scripts. This allows an attacker to execute arbitrary code on the device. The flaw exists due to the lack of proper validation of a user-supplied string before using it to execute a system call, enabling an attacker to execute code in the context of root. No authentication is required to exploit this issue. **Recommendations** For D-Link DAP-2020 version 1.01rc001, consider disabling the WEB CmdFileList() function as a temporary workaround until a patch is available. Restrict access to CGI scripts to minimize the risk of exploitation. Avoid using user-supplied strings in system calls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.