Koh You Liang

**Name of the Vulnerable Software and Affected Versions** baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition versions prior to 2.25.1 **Description** A directory listing issue allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. This issue affects the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition, allowing attackers to access sensitive data. **Recommendations** For versions prior to 2.25.1, update to version 2.25.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploaded files directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Squirrel.Windows versions 2.0.1 and earlier **Description** The issue is related to the DLL search path in installers generated by Squirrel.Windows, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. Squirrel.Windows is a toolset and library that provides installation and update functionality for Windows desktop applications. **Recommendations** For Squirrel.Windows versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link wifi router TL-WR802N V4(JP) versions prior to 211202 **Description** The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This can allow a remote attacker to execute arbitrary commands. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For TP-Link wifi router TL-WR802N V4(JP) versions prior to 211202, update the firmware to version 211202 or later to resolve the issue. As a temporary workaround, consider restricting access to the router's operating system commands until a patch is available.

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N V13 (JP) versions prior to 201216 Description: A Command Injection issue in the traceroute feature allows authenticated users to execute arbitrary code as root via shell metacharacters. Recommendations: For versions prior to 201216, update the firmware to a version that includes the fix for this issue.