M. Kadlec

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-41673 **Description** A high privileged remote attacker can execute arbitrary system commands via POST requests in the `send sms` action due to improper neutralization of special elements used in an OS command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. **Recommendations** Update to version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-41676 **Description** A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the `send-sms` action in fast succession. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-41677 **Description** A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the `send-mail` action in fast succession. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Conftool (affected versions not specified) **Description** An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device, causing a denial of service. This issue specifically affects the network initializing wizard (Conftool) service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-41681 **Description** A high privileged remote attacker can gain persistent cross-site scripting (XSS) via POST requests due to improper neutralization of special elements used to create dynamic content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.