Mccaulay

**Name of the Vulnerable Software and Affected Versions** Junos OS Evolved on PTX Series versions prior to 25.4R1-S1-EVO Junos OS Evolved on PTX Series versions prior to 25.4R2-EVO **Description** An incorrect permission assignment for critical resources in the On-Box Anomaly detection framework allows an unauthenticated, network-based attacker to execute arbitrary code with root privileges. This framework is intended to be reachable only by internal processes via the internal routing instance, but a misconfiguration exposes it through an externally reachable port. Because the service is enabled by default and runs as root, a successful exploit can grant an attacker complete control over the device, potentially allowing for the interception of data flows and redirection of traffic. **Recommendations** Update to versions 25.4R1-S1-EVO, 25.4R2-EVO, or 26.2R1-EVO. As a temporary workaround, disable the vulnerable service using the `request pfe anomalies disable` command. Restrict access to the vulnerable endpoints to trusted networks only by using firewall filters or Access Control Lists (ACLs).

**Name of the Vulnerable Software and Affected Versions** Pioneer DMH-WT7600NEX (affected versions not specified) **Description** This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. No authentication is required to exploit this issue. The specific flaw exists within the telematics functionality, which operates over HTTPS. The problem results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this, in conjunction with other vulnerabilities, to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pioneer DMH-WT7600NEX (affected versions not specified) **Description** This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality and results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine Halo9 (affected versions not specified) **Description** This issue allows physically present attackers to bypass the signature validation mechanism on affected installations of Alpine Halo9 devices. No authentication is required to exploit this issue. The flaw exists within the firmware metadata signature validation mechanism due to the lack of proper verification of a cryptographic signature. An attacker can leverage this, potentially in conjunction with other issues, to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Alpine Halo9 (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The specific flaw exists within the `UPDM wemCmdUpdFSpeDecomp` function, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 (affected versions not specified) Description: The issue is related to improper input validation and a missing authentication procedure, allowing an unauthenticated remote attacker to modify configurations. This can lead to remote code execution, gaining root rights, or performing a Denial of Service (DoS). The vulnerability is associated with the CharxSystemConfigManager service of the Phoenix Contact CHARX SEC-3100 modular charging controllers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.