Javier Repiso Sánchez

**Name of the Vulnerable Software and Affected Versions** AirLive WL2600CAM (affected versions not specified) **Description** A directory traversal issue exists in the cgi-bin/admin/fileread endpoint, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `READ.filePath` parameter. **Recommendations** For AirLive WL2600CAM, restrict access to the cgi-bin/admin/fileread endpoint until a fix is available. As a temporary workaround, consider disabling the use of the `READ.filePath` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) version 6.2.10.11 **Description** The issue allows remote attackers to create or overwrite arbitrary files. This can be achieved by providing a file path to certain methods, specifically the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods. **Recommendations** For version 6.2.10.11, as a temporary workaround, consider restricting access to the StartRecord, SaveCurrentImage, and StartRecordMedia methods until a patch is available. Avoid using these methods with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Brickcom FB-100Ap versions 3.0.6.16C1 and earlier Brickcom WCB-100Ap versions 3.0.6.16C1 and earlier Brickcom MD-100Ap versions 3.0.6.16C1 and earlier Brickcom WFB-100Ap versions 3.0.6.16C1 and earlier Brickcom OB-100Ae versions 3.0.6.16C1 and earlier Brickcom OSD-040E versions 3.0.6.16C1 and earlier **Description** The issue allows remote attackers to obtain sensitive information, including user names, passwords, and configurations, by accessing the configfile.dump file via a get action. This is due to improper access restrictions. **Recommendations** For Brickcom FB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1. For Brickcom WCB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1. For Brickcom MD-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1. For Brickcom WFB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1. For Brickcom OB-100Ae version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1. For Brickcom OSD-040E version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.