K4M1Ll0

**Name of the Vulnerable Software and Affected Versions** Mercusys MW325R EU V3 version 1.11.0 221019 **Description** An issue allows a WAN attacker to make the admin interface unreachable via an unauthenticated HTTP request. The verification of user data does not occur, and the web server remains operational, but the admin interface becomes invisible due to the unavailability of necessary files. Typically, a reboot of the router is required to restore the correct behavior. **Recommendations** For Mercusys MW325R EU V3 version 1.11.0 221019, as a temporary workaround, consider restricting access to the admin interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tp-Link TL-WR840N (EU) version 6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) **Description** The issue is related to a Buffer Overflow that can be triggered via the Password reset feature. This allows for potential exploitation. **Recommendations** For Tp-Link TL-WR840N (EU) version 6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n), consider disabling the Password reset feature until a patch is available. Restrict access to the Password reset functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica Pandora FMS versions <=755 **Description** The issue allows an admin account to overwrite the .htaccess file using the File Manager component. A new .htaccess file can be created with a Rewrite Rule and a type definition, enabling the upload of a normal PHP file with the newly defined "file type". This PHP file can then be executed via an HTTP request. **Recommendations** For Artica Pandora FMS versions <=755, consider restricting access to the File Manager component to prevent overwriting the .htaccess file until a fix is available. As a temporary workaround, monitor and limit the creation of new .htaccess files and the upload of PHP files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions through 755 **Description** The issue allows for XSS via a new Event Filter with a crafted name. This can be exploited when a user creates a new Event Filter with a specifically designed name, potentially leading to cross-site scripting attacks. **Recommendations** For versions through 755, consider disabling the creation of new Event Filters until a patch is available to prevent potential XSS attacks. Restrict access to the Event Filter feature to minimize the risk of exploitation. Avoid using crafted names in the Event Filter to prevent the issue.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU) V5 171211 **Description** The PING function is vulnerable to remote code execution via a crafted payload in an IP address input field. This issue is related to incorrect code generation management. A remote attacker can exploit this to execute arbitrary code. A botnet known as Dark Mirai (also known as MANGA) has been using this vulnerability on the TP-Link TL-WR840N EU V5 router. **Recommendations** For TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU) V5 171211, update the firmware to a version later than TL-WR840N(EU) V5 171211 to resolve the issue. As a temporary workaround, consider restricting access to the PING function until a patch is available. Avoid using crafted payloads in IP address input fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR840N EU version 6.20 **Description** The issue is related to insecure protections for the UART console in the TP-Link TL-WR840N EU router. This allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. **Recommendations** For TP-Link TL-WR840N EU version 6.20, consider disabling the UART console as a temporary workaround until a patch is available. Restrict physical access to the UART port to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ARK library (affected versions not specified) **Description** A heap overflow issue was found in the ARK library of bandisoft Co., Ltd when the `Ark DigPathA` function parsed a file path. This issue is due to missing support for string length check. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Artica Pandora FMS versions prior to 754 Description: The issue concerns sensitive information exposure on the client side in the File Manager component, which can be accessed by attackers. Recommendations: For versions prior to 754, update to version 754 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PandoraFMS versions prior to 7.55 Description: The issue allows for Stored XSS by placing a payload in the `name` field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. Recommendations: For PandoraFMS versions prior to 7.55, update to version 7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the visual console to minimize the risk of exploitation. Avoid using the `name` field in the visual console until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: PandoraFMS versions prior to 7.55 Description: The issue allows for arbitrary file upload, which can lead to remote command execution via the File Manager. This is achieved by using a relative path in the requests to bypass the built-in protection. Recommendations: For versions prior to 7.55, update to version 7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Manager to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Artica Pandora FMS version 7.42 **Description** The issue allows Web Admin users to execute arbitrary code by uploading a .php file via the Updater or Extension component. However, the vendor reports that this functionality is intended. **Recommendations** For Artica Pandora FMS version 7.42, consider restricting access to the Updater or Extension component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions 7.x **Description** The issue allows for remote code execution with an authenticated user who has the ability to modify the alert system, potentially enabling the execution of commands as root or Administrator. It is noted that the product vendor disputes the existence of this issue as described, citing the requirement of admin rights to create alert commands and the capability of the extended ACL system to restrict access to specific configuration sections. **Recommendations** For Pandora FMS versions 7.x, ensure that admin rights are strictly controlled and consider utilizing the extended ACL system to disable access to sensitive sections of the configuration, such as defining new alert commands, to minimize potential risks.