Keniver Wang

**Name of the Vulnerable Software and Affected Versions** Network camera device (affected versions not specified) **Description** The issue concerns the manage users profile services of the network camera device, which allows an authenticated remote attacker to modify URL parameters and amend a user's information. This can lead to privilege escalation, enabling the attacker to control the devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TONNET DVR firmware versions in TAT-76 and TAT-77 series (affected versions not specified) **Description** The issue concerns a misconfigured authentication mechanism in the DVR firmware. This allows attackers to crack the default password and gain access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TONNET TAT-76 series (affected versions not specified) TONNET TAT-77 series (affected versions not specified) **Description** The issue concerns the DVR firmware in TAT-76 and TAT-77 series of products, which do not properly verify patch files. This allows attackers to inject a specific command into a patch file, potentially gaining access to the system. **Recommendations** For TONNET TAT-76 series, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For TONNET TAT-77 series, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ServiSign security plugin (affected versions not specified) **Description** An arbitrary-file-access issue exists, allowing attackers to access arbitrary files on the target system by learning a specific API function and crafting an API parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ServiSign security plugin (affected versions not specified) **Description** A Remote Code Execution issue exists in certain applications of the ServiSign security plugin. This allows attackers to execute arbitrary commands on the target system via maliciously crafted scripts, as long as the interface is captured. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advan VD-1 firmware versions up to 230 **Description** A relative path traversal issue allows attackers to download arbitrary files without authentication via the API endpoint "/cgi-bin/ExportSettings.cgi" with the `Download` parameter set to `filepath`. **Recommendations** For Advan VD-1 firmware versions up to 230, consider restricting access to the "/cgi-bin/ExportSettings.cgi" endpoint until a patch is available. As a temporary workaround, avoid using the `Download` parameter in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** Advan VD-1 firmware version 230 **Description** A broken access control issue allows an attacker to send a POST request to "cgibin/AdbSetting.cgi" and enable ADB without authentication, potentially leading to the device being used as a relay or for installing mining software. **Recommendations** For Advan VD-1 firmware version 230, consider disabling the ADB service until a patch is available to prevent exploitation. Restrict access to the "cgibin/AdbSetting.cgi" endpoint to minimize the risk of unauthorized ADB enablement.

**Name of the Vulnerable Software and Affected Versions** Advan VD-1 firmware versions up to 230 **Description** A broken access control issue allows an attacker to install arbitrary APKs without authentication by sending a POST request to "cgibin/ApkUpload.cgi". **Recommendations** For Advan VD-1 firmware versions up to 230, consider restricting access to the "cgibin/ApkUpload.cgi" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Advan VD-1 firmware versions up to 230 **Description** A cross-site scripting (XSS) issue is present due to improper escaping of error messages. When a requested resource is not found in the page cgibin/ssi.cgi, the VD-1 responds with a path error message, leading to a reflected XSS. **Recommendations** For Advan VD-1 firmware versions up to 230, update to a version higher than 230 to resolve the issue. As a temporary workaround, consider restricting access to the cgibin/ssi.cgi page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advan VD-1 firmware versions up to 230 **Description** A remote credential disclosure issue was found, allowing an attacker to export system configuration without encryption, thereby accessing the administrator's account and password in plain text. This can be achieved via the "cgibin/ExportSettings.cgi?Export=1" endpoint without requiring any authentication. **Recommendations** For Advan VD-1 firmware versions up to 230, as a temporary workaround, consider restricting access to the "cgibin/ExportSettings.cgi" endpoint until a patch is available. Additionally, avoid using the ExportSettings.cgi endpoint with the `Export=1` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EXCELLENT INFOTEK BiYan versions 1.57 through 2.8 **Description** The issue allows an attacker to leak user information without authentication by sending a `LOGIN ID` element to the "auth/main/asp/check user login info.aspx" API endpoint and then reading the response. This can be demonstrated by accessing the `KW EMAIL` or `KW TEL` field. **Recommendations** For versions 1.57 through 2.8, as a temporary workaround, consider restricting access to the "auth/main/asp/check user login info.aspx" API endpoint to minimize the risk of exploitation. Avoid using the `LOGIN ID` element in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EXCELLENT INFOTEK BiYan versions 1.57 through 2.8 **Description** The issue allows an attacker to leak user information, specifically passwords, without authentication. This is achieved by sending an `EMP NO` element to the "kws login/asp/query user.asp" API endpoint and then reading the `PWD` element. **Recommendations** For versions 1.57 through 2.8, consider restricting access to the "kws login/asp/query user.asp" API endpoint to prevent unauthorized password leaks. As a temporary workaround, avoid using the `EMP NO` element in this endpoint until a fix is available.