Lionel Musonza

**Name of the Vulnerable Software and Affected Versions** GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1 GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP **Description** The issue allows for remote command injection. Commands are executed before login and with root privileges, enabling complete system takeover. **Recommendations** For GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1, consider disabling remote access until a patch is available. For GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP, restrict root privileges for commands executed before login to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 **Description** The issue concerns improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and are executed with root permissions. A 3rd party analyst has tested and validated the methods, confirming them as exploitable. This was discovered by Lionel Musonza. **Recommendations** For Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8, consider disabling HTTP GET commands until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.