Lê Hữu Quang Linh

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** A flaw exists in Microsoft SharePoint Server that enables remote attackers to execute arbitrary code and compromise the system. The issue stems from insufficient input validation. Exploitation of this flaw could allow an attacker to execute code remotely by using specially crafted data. This is a post-authentication remote code execution issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Network Watcher VM Agent (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability. No further details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZyXEL VPN versions 4.30 through 5.37 ZyXEL USG FLEX series firmware versions 4.50 through 5.37 ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37 ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37 ZyXEL ATP series firmware versions 4.32 through 5.37 **Description** The issue is related to insufficient input validation in the Quagga package of the affected ZyXEL devices. This could allow an authenticated local attacker to access configuration files on an affected device. **Recommendations** For ZyXEL VPN versions 4.30 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG FLEX series firmware versions 4.50 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG FLEX 50(W) series firmware versions 4.16 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL USG20(W)-VPN series firmware versions 4.16 through 5.37, update to a version that includes the fix for the improper input validation vulnerability. For ZyXEL ATP series firmware versions 4.32 through 5.37, update to a version that includes the fix for the improper input validation vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 Zyxel VPN series firmware versions 4.20 through 5.36 Patch 2 **Description** A command injection vulnerability in the Free Time WiFi hotspot feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. The vulnerability is related to the failure to neutralize special elements used in the operating system command, which may allow a remote attacker to execute arbitrary commands. **Recommendations** For Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2, consider disabling the Free Time WiFi hotspot feature until a patch is available. For Zyxel VPN series firmware versions 4.20 through 5.36 Patch 2, restrict access to the Free Time WiFi hotspot feature to minimize the risk of exploitation. As a temporary workaround, avoid using the Free Time WiFi hotspot feature in both Zyxel USG FLEX and VPN series until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 4.32 through 5.36 Patch 2 Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2 Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2 Zyxel VPN series versions 4.30 through 5.36 Patch 2 Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3) Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4) **Description** A buffer overflow vulnerability in the CAPWAP daemon could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request. This issue is related to a buffer overflow in the memory, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Zyxel ATP series versions 4.32 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series versions 4.50 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series versions 4.16 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series versions 4.30 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel NXC2500 versions 6.10(AAIG.0) through 6.10(AAIG.3), update to a version later than 6.10(AAIG.3). For Zyxel NXC5500 versions 6.10(AAOS.0) through 6.10(AAOS.4), update to a version later than 6.10(AAOS.4). As a temporary workaround, consider disabling the CAPWAP daemon until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2 Zyxel USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2 Zyxel VPN series firmware versions 5.00 through 5.36 Patch 2 Zyxel NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3) Zyxel NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4) **Description** A command injection vulnerability in the access point management feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance. The vulnerability is related to the failure to neutralize special elements used in the operating system command. **Recommendations** For Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series firmware versions 5.00 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), update to a version later than 6.10(AAIG.3). For Zyxel NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), update to a version later than 6.10(AAOS.4). As a temporary workaround, consider restricting access to the access point management feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG FLEX series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2 Zyxel USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2 Zyxel VPN series firmware versions 4.60 through 5.36 Patch 2 **Description** A command injection vulnerability in the hotspot management feature could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. The vulnerability is related to the failure to neutralize special elements used in the operating system command. **Recommendations** For Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. For Zyxel VPN series firmware versions 4.60 through 5.36 Patch 2, update to a version later than 5.36 Patch 2. As a temporary workaround, consider restricting access to the hotspot management feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Media Foundation (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Windows Media Foundation component of Windows operating systems. This allows a remote attacker to execute arbitrary code on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Media (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Windows Media component. This allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Media (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Media player, which can be exploited by attackers to execute arbitrary code using a specially crafted malicious file. This allows remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Media Player (affected versions not specified) **Description** The issue is related to insufficient input validation in Windows Media Player, which can be exploited by attackers to execute arbitrary code using a specially crafted malicious file. This can allow remote attackers to affect the system. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.