Mars Cheng

**Name of the Vulnerable Software and Affected Versions** Weintek EasyBuilder Pro (affected versions not specified) **Description** The issue is caused by a ZipSlip attack resulting from decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kyocera TASKalfa versions 4002i and 6002i **Description** The issue allows remote attackers to read the documents of arbitrary users via a modified HTTP request to the DoBox CstmBox Info.model.htm page. **Recommendations** For Kyocera TASKalfa 4002i, restrict access to the DoBox CstmBox Info.model.htm page until a fix is available. For Kyocera TASKalfa 6002i, restrict access to the DoBox CstmBox Info.model.htm page until a fix is available.

**Name of the Vulnerable Software and Affected Versions** ASUS HG100 devices with firmware prior to 1.05.12 **Description** The issue allows unauthenticated access, which can lead to remote command execution. **Recommendations** For ASUS HG100 devices with firmware prior to 1.05.12, update the firmware to version 1.05.12 or later to resolve the issue.