Junia Valente

Name of the Vulnerable Software and Affected Versions: DBPOWER U818A WIFI quadcopter drone (affected versions not specified) Description: The issue concerns the DBPOWER U818A WIFI quadcopter drone, which provides FTP access over its local access point and allows full file permissions to the anonymous user. This enables a remote user within range to access the drone's FTP server without a password and read or modify arbitrary files, including system files. The drone uses an outdated version of BusyBox, which may increase its vulnerability to known exploits. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zhuhai RaySharp firmware (affected versions not specified) **Description** The issue concerns a hardcoded root password in the firmware, making it easier for remote attackers to gain access through a session on TCP port 23 or 9000. This could allow an attacker to obtain protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Swann SRNVW-470LCD devices with firmware through 0114 Swann SRNVW-470CAM devices with firmware through 1022 **Description** The issue allows remote attackers to watch live video by visiting an unspecified URL. **Recommendations** For Swann SRNVW-470LCD devices with firmware through 0114, update the firmware to a version later than 0114. For Swann SRNVW-470CAM devices with firmware through 1022, update the firmware to a version later than 1022.