Jincheng Wang

**Name of the Vulnerable Software and Affected Versions** HIKSEMI NAS products (affected versions not specified) **Description** Insufficient input validation on the interface allows authenticated users to execute arbitrary commands on the device by crafting specific messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HIKSEMI NAS products (affected versions not specified) **Description** An inadequate access control mechanism allows authenticated users to manipulate file resources belonging to other users without authorization. There is no information available regarding the number of potentially affected devices or any real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HIKSEMI NAS products (affected versions not specified) **Description** A flaw exists in certain HIKSEMI NAS products due to improper handling of filenames. This can result in the disclosure of sensitive system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HIKSEMI NAS products (affected versions not specified) **Description** Insufficient input parameter validation on the interface allows authenticated users to cause abnormal device behavior by crafting specific messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 **Description** A post-authentication command injection vulnerability in the NTP feature could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. **Recommendations** For Zyxel NBG6604 firmware version V1.01(ABIR.1)C0, consider disabling the NTP feature until a patch is available to prevent potential command injection attacks. Restrict access to the NTP module to minimize the risk of exploitation. Avoid using the NTP feature in the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Das U-Boot versions 2020.10 through 2022.07-rc3 **Description** The issue is related to an out-of-bounds write via the function `sqfs readdir()`. **Recommendations** For Das U-Boot versions 2020.10 through 2022.07-rc3, consider disabling the `sqfs readdir()` function as a temporary workaround until a patch is available.