Matei Josephs

**Name of the Vulnerable Software and Affected Versions** FiberHome HG6544C version RP2743 **Description** The issue allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List, which is not properly sanitized. This is a Cross Site Scripting vulnerability. **Recommendations** For FiberHome HG6544C version RP2743, as a temporary workaround, consider sanitizing the SSID field in the WIFI Clients List to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LB-LINK BL-WR 1300H version 1.0.4 **Description** The issue is related to hardcoded credentials stored in the /etc/shadow file of the LB-LINK BL-WR 1300H router. These credentials are easily guessable, which could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For LB-LINK BL-WR 1300H version 1.0.4, consider changing the hardcoded credentials in the /etc/shadow file to strong, unique passwords to prevent exploitation. As a temporary workaround, restrict access to the router and its related services until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osTicky2 versions prior to 2.2.8 **Description** An Open Redirect issue was discovered, allowing attackers to manipulate the return parameter in the URL to redirect to a malicious base64 encoded URL. This affects osTicky, a Joomla 3.x extension that integrates with osTicket, a popular support ticket system. **Recommendations** For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the extension until a patch is applied.