Jeongun Baek

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. These vulnerabilities could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS). The vulnerabilities are also associated with insufficient authorization procedure in the web interface of the routers' firmware, which can be exploited to gain root privileges. **Recommendations** For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, consider disabling the web interface until a patch is available. Restrict access to the utility-ping-request functionality to minimize the risk of local privilege escalation. Avoid using unsigned software and ensure proper authentication and authorization mechanisms are in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: XPLATFORM versions 9.2.2.270 and earlier Description: The issue allows for the execution of arbitrary commands due to improper input validation in the ActiveX component. Recommendations: For XPLATFORM versions 9.2.2.270 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cnesty Helpcom 10.0 versions prior to Description: A vulnerability could allow an unauthenticated attacker to execute arbitrary commands due to insufficient validation of the `parameter`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Helpcom (affected versions not specified) Description: A vulnerability exists due to insufficient authentication validation, allowing an unauthenticated attacker to execute arbitrary commands. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tobesoft XPlatform versions prior to 9.2.2.280 Description: The issue is caused by insufficient validation of improper classes, allowing an unauthenticated attacker to execute arbitrary commands. Recommendations: For versions prior to 9.2.2.280, update to version 9.2.2.280 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Helpcom versions prior to 10.0 Description: The issue is caused by a hardcoded cryptographic key, leading to a file download and execution vulnerability. This can be exploited via access to a crafted web page. Recommendations: For versions prior to 10.0, update to version 10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CyMiInstaller322 ActiveX (affected versions not specified) **Description** A vulnerability in the CyMiInstaller322 ActiveX component, which is used by MIPLATFORM to download files required for application execution, allows an attacker to download randomly generated DLL files. Due to insufficient verification, MIPLATFORM loads these DLLs, potentially leading to exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOBESOFT XPLATFORM versions 9.1 through 9.2.2 **Description** A use-after-free issue may lead to code execution on a system running the affected software. **Recommendations** For TOBESOFT XPLATFORM versions 9.1 through 9.2.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tobesoft Xplatform versions 9.2.2.250 and earlier **Description** The issue allows for arbitrary code execution by utilizing a method supported by the Xplatform ActiveX Control, enabling an attacker to cause remote code execution. **Recommendations** For versions 9.2.2.250 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tobesoft Nexacro versions 2019.9.25.1 and earlier **Description** The issue allows for arbitrary code execution by utilizing a method supported by the Nexacro14 ActiveX Control, enabling an attacker to cause remote code execution. **Recommendations** For Tobesoft Nexacro versions 2019.9.25.1 and earlier, consider disabling the Nexacro14 ActiveX Control as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tobesoft XPlatform versions 9.1 through 9.2.2 **Description** The issue allows an attacker to load unauthorized DLL files, which can lead to remote code execution. **Recommendations** For versions 9.1 through 9.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.