Liupeng

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the web-based management interface. An authenticated remote attacker could exploit these issues to upload arbitrary files to the underlying operating system, which may lead to remote code execution with privileged permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mobility conductors versions AOS-8 and AOS-10 **Description** An arbitrary file deletion issue exists in the command-line interface of mobility conductors. A remote attacker with authentication could delete arbitrary files within the affected system. **Recommendations** Apply updates to address the issue in versions prior to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 Controller/Mobility Conductor (affected versions not specified) **Description** The command-line interface of the AOS-8 Controller/Mobility Conductor is susceptible to arbitrary file deletion. A remote attacker with valid credentials could exploit this to delete arbitrary files within the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-10 GW and AOS-8 Controller/Mobility Conductor (affected versions not specified) **Description** An arbitrary file download issue exists in the web-based management interface. Exploitation of this issue could allow an authenticated malicious actor to download arbitrary files through crafted exploits. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AOS-10 GW versions prior to 10.7.1.0 AOS-8 Controller/Mobility Conductor versions prior to 8.12.0.3 Description: The issue is related to authenticated command injection vulnerabilities in the web-based management interface of the affected software. Successful exploitation allows an authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. Recommendations: For AOS-10 GW versions prior to 10.7.1.0, update to version 10.7.1.0 or later. For AOS-8 Controller/Mobility Conductor versions prior to 8.12.0.3, update to version 8.12.0.3 or later. As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.

Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified) AOS-8 Controller/Mobility Conductor (affected versions not specified) Description: Multiple vulnerabilities exist in the web-based management interface of the affected devices. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. Recommendations: For AOS-10 GW, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For AOS-8 Controller/Mobility Conductor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified) AOS-8 Controller/Mobility Conductor (affected versions not specified) Description: Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. Recommendations: For AOS-10 GW, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For AOS-8 Controller/Mobility Conductor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.