Kelly Leuschner

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** A heap-based buffer overflow vulnerability exists in the HTTP Server functionality. This issue can be triggered by a specially crafted set of network packets, potentially leading to arbitrary code execution. An attacker can exploit this by sending a malicious packet. **Recommendations** For Weston Embedded uC-HTTP version 3.01.01, consider disabling the HTTP Server functionality until a patch is available to prevent exploitation. Restrict access to the HTTP server to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** A memory corruption issue exists in the HTTP Server Host header parsing functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An attacker can exploit this by sending a malicious packet. **Recommendations** For Weston Embedded uC-HTTP version 3.01.01, update to a version that fixes the memory corruption vulnerability in the HTTP Server Host header parsing functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality. This issue can be triggered by a specially crafted network packet, potentially leading to code execution. An attacker can exploit this by sending a malicious packet. **Recommendations** For version 3.01.01, consider disabling the HTTP Server form boundary functionality until a patch is available to prevent potential code execution. Restrict access to the HTTP Server to minimize the risk of exploitation. Avoid using the vulnerable functionality in the HTTP Server form boundary until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** An out-of-bounds write issue exists in the HTTP Server functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this issue, potentially allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP request. **Recommendations** For version 3.01.01, consider disabling the HTTP Server functionality until a patch is available. Restrict access to the HTTP Server to minimize the risk of exploitation. Avoid using the vulnerable HTTP Server functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** A memory corruption issue exists in the HTTP Server form boundary functionality. This can be triggered by a specially crafted network packet, potentially leading to code execution. An attacker can exploit this by sending a malicious packet. **Recommendations** For Weston Embedded uC-HTTP version 3.01.01, consider disabling the HTTP Server form boundary functionality until a patch is available to prevent potential code execution. Restrict access to the HTTP server to minimize the risk of exploitation. Avoid using the vulnerable version until an update or fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-HTTP version 3.01.01 **Description** A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. An attacker can trigger this issue by sending a malicious packet. **Recommendations** For version 3.01.01, consider disabling the HTTP Server header parsing functionality until a patch is available. Restrict access to the HTTP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-FTPs version 1.98.00 **Description** An out-of-bounds read issue exists in the PORT command parameter extraction functionality. A specially-crafted set of network packets can lead to denial of service. This occurs when no IP address argument is provided to the `PORT` command. An attacker can send packets to trigger this issue. **Recommendations** For Weston Embedded uC-FTPs version 1.98.00, consider restricting access to the PORT command until a patch is available. As a temporary workaround, ensure that an IP address argument is always provided to the `PORT` command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-FTPs version 1.98.00 **Description** An authentication bypass issue exists in the Authentication functionality. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this issue. **Recommendations** For Weston Embedded uC-FTPs version 1.98.00, consider restricting access to the authentication functionality until a patch is available. As a temporary workaround, avoid using the vulnerable authentication mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Weston Embedded uC-FTPs version 1.98.00 **Description** An out-of-bounds read issue exists in the PORT command parameter extraction functionality. This can be triggered by a specially-crafted set of network packets, leading to denial of service. The issue occurs when no port argument is provided to the `PORT` command. An attacker can exploit this by sending specific packets. **Recommendations** For Weston Embedded uC-FTPs version 1.98.00, consider restricting access to the PORT command until a patch is available. As a temporary workaround, ensure that a port argument is always provided to the `PORT` command to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo Smart Clock Essential with Alexa Built In (affected versions not specified) **Description** A default password in the device could allow unauthorized access to an attacker with local network access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Home Network Security versions 6.6.604 and earlier Description: The issue concerns a hard-coded password vulnerability in the log collection server. This could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. Recommendations: For Trend Micro Home Network Security versions 6.6.604 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Home Network Security versions 6.6.604 and earlier Description: The issue is related to an iotcl stack-based buffer overflow, which could allow an attacker to execute code on affected devices by issuing a specially crafted iotcl. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target device. Recommendations: For Trend Micro Home Network Security versions 6.6.604 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Home Network Security versions 6.6.604 and earlier Description: The issue allows an attacker to escalate privileges on affected devices by issuing a specially crafted iotcl, exploiting a stack-based buffer overflow vulnerability. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target device. Recommendations: For Trend Micro Home Network Security versions 6.6.604 and earlier, update to a version later than 6.6.604 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Home Network Security versions 6.5.599 and earlier **Description** The issue is related to a file-parsing vulnerability, which could allow an attacker to cause a denial-of-service to the device. It is also described as being related to resource release errors, potentially allowing a remote attacker to exploit the issue and cause a denial-of-service. **Recommendations** For Trend Micro Home Network Security versions 6.5.599 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Home Network Security versions 6.5.599 and earlier **Description** The issue is related to a file-parsing vulnerability that could allow a remote attacker to cause a denial-of-service to the device. This vulnerability is similar to other known issues but has distinct characteristics. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Trend Micro Home Network Security versions 6.5.599 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lantronix XPort EDGE versions 3.0.0.0R11 through 4.2.0.0R7 **Description** An information disclosure issue exists in the Web Manager and telnet CLI functionality. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this issue. **Recommendations** For versions 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12, and 4.2.0.0R7, consider disabling the Web Manager and telnet CLI functionality until a patch is available. Restrict access to the network to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WAGO PFC 200 (affected versions not specified) **Description** A stack buffer overflow issue exists in the iocheckd service, specifically in the "I/O-Check" functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The vulnerability involves the use of `sprintf()` to format a string with a state value extracted from an XML file, which can lead to a buffer overflow at `sp+0x40`. Later, `strcpy()` is used to copy the contents of this overflowed buffer into an adjacent buffer `sp+0x440` on the stack, resulting in invalid memory access due to the lack of NULL termination. An attacker can exploit this by providing a state value of sufficient length, such as 0x3c9, to cause the service to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAGO PFC 200 Firmware version 03.02.02(14) **Description** A command injection issue exists in the iocheckd service 'I/O-Check' function. This is due to the parsing of a specially crafted XML cache file, which can be used to inject OS commands. An attacker can trigger the parsing of this cache file by sending a specially crafted packet. The vulnerability involves the use of the extracted type value from the XML file as an argument to the `/etc/config-tools/config interfaces` interface, which is later executed via a call to `system()`. The `config-type` parameter is set to the contents of the `type` node, using `sprintf()`. **Recommendations** For WAGO PFC 200 Firmware version 03.02.02(14), consider disabling the 'I/O-Check' function in the iocheckd service until a patch is available. Restrict access to the XML cache file to minimize the risk of exploitation. Avoid using the `config-type` parameter in the `/etc/config-tools/config interfaces` interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WAGO PFC 200 Firmware version 03.02.02(14) **Description** A stack buffer overflow issue exists in the iocheckd service, specifically in the 'I/O-Check' functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The `sprintf()` function overflows the destination buffer `sp+0x440` when type values exceed a certain length. For example, a type value of length 0x3d9 can cause the service to crash. **Recommendations** For WAGO PFC 200 Firmware version 03.02.02(14), consider disabling the iocheckd service or restricting access to it until a patch is available. As a temporary workaround, avoid using type values greater than 1024-len('/etc/config-tools/config interfaces interface=X1 state=enabled config-type=') in length to prevent the buffer overflow.

**Name of the Vulnerable Software and Affected Versions** WAGO PFC 200 Firmware version 03.02.02(14) **Description** A stack buffer overflow issue exists in the iocheckd service, specifically in the 'I/O-Check' functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The `sprintf()` function is used to write to the destination buffer `sp+0x440`, which can be overflowed if the `ip` value is too long. For example, an `ip` value of length `0x3da` can cause the service to crash. **Recommendations** For WAGO PFC 200 Firmware version 03.02.02(14), consider restricting access to the iocheckd service until a patch is available. As a temporary workaround, avoid using `ip` values that are greater than 1024-len('/etc/config-tools/config interfaces interface=X1 state=enabled ip-address=') in length to prevent the buffer overflow.