Keroomi

**Name of the Vulnerable Software and Affected Versions** Ningyuanda TC155 version 57.0.2.0 **Description** A flaw exists in the RTSP Live Video Stream Endpoint component of Ningyuanda TC155, specifically related to improper authentication. This issue allows for authentication bypass when the attack is initiated from within the local network. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ningyuanda TC155 version 57.0.2.0 **Description** A flaw exists in the RTSP Service component of Ningyuanda TC155 version 57.0.2.0. Manipulation of an unknown function within this service can lead to a denial of service. The attack requires local network access. The exploit is publicly available, and the vendor was informed of the issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ningyuanda TC155 version 57.0.2.0 **Description** A flaw exists in Ningyuanda TC155 version 57.0.2.0 related to improper access controls within the ONVIF Device Management Service component. The issue stems from manipulating the `FactoryDefault` argument with the input `Hard` in the file `/onvif/device service`. This requires access to the local network. The exploit has been publicly disclosed. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ningyuanda TC155 version 57.0.2.0 **Description** A flaw exists within the ONVIF PTZ Control Interface component of Ningyuanda TC155 version 57.0.2.0, specifically concerning the file `/onvif/device service`. This issue results in improper access controls. The attack requires network proximity to the target. The exploit is publicly available. The vendor was informed of this issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Online Admission System version 1.0 **Description** A critical issue affects the processing of the file `documents.php`, leading to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Project Worlds Online Admission System version 1.0, consider disabling the `documents.php` file or restricting its access to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the file to minimize the risk of unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this issue.