Mohamed Shahat

**Name of the Vulnerable Software and Affected Versions** Orban OPTIMOD 5950 Firmware version 1.0.0.2 Orban OPTIMOD 5950 System version 2.2.15 **Description** The issue is related to incorrect access control, allowing attackers to bypass authentication and gain Administrator privileges. **Recommendations** For Orban OPTIMOD 5950 Firmware version 1.0.0.2, update the firmware to a version that addresses the incorrect access control issue. For Orban OPTIMOD 5950 System version 2.2.15, update the system to a version that addresses the incorrect access control issue.

**Name of the Vulnerable Software and Affected Versions** JMBroadcast JMB0150 Firmware version 1.0 **Description** The issue is related to incorrect access control, allowing attackers to access hardcoded administrator credentials. **Recommendations** For JMBroadcast JMB0150 Firmware version 1.0, consider changing the hardcoded administrator credentials to unique, strong passwords as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web versions v01.07 through v01.09 Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Display versions v1.2 through v1.4 **Description** A credential exposure issue allows unauthorized attackers to access credentials in plaintext. **Recommendations** For Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web versions v01.07 through v01.09, update to a version that fixes the credential exposure issue. For Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Display versions v1.2 through v1.4, update to a version that fixes the credential exposure issue.

**Name of the Vulnerable Software and Affected Versions** JMBroadcast JMB0150 Firmware version 1.0 **Description** The issue is related to incorrect access control in the "HOME.php" endpoint, allowing attackers to access the Admin panel without authentication. **Recommendations** For JMBroadcast JMB0150 Firmware version 1.0, consider restricting access to the "HOME.php" endpoint until a patch is available. As a temporary workaround, limit access to the Admin panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itel Electronics IP Stream version 1.7.0.6 **Description** The issue is related to incorrect access control, allowing unauthorized attackers to execute arbitrary commands with Administrator privileges. **Recommendations** For Itel Electronics IP Stream version 1.7.0.6, update to a version that addresses the incorrect access control issue to prevent unauthorized command execution with Administrator privileges.

**Name of the Vulnerable Software and Affected Versions** BW Broadcast TX600 versions 1.6.0 BW Broadcast TX300 versions 1.6.0 BW Broadcast TX150 versions 1.6.0 BW Broadcast TX1000 versions 1.6.0 BW Broadcast TX30 versions 1.6.0 BW Broadcast TX50 versions 1.6.0 **Description** The issue is related to incorrect access control, allowing attackers to access log files and extract session identifiers. This can lead to a session hijacking attack. **Recommendations** For BW Broadcast TX600 version 1.6.0, update the software to a version that includes the necessary access control fixes. For BW Broadcast TX300 version 1.6.0, update the software to a version that includes the necessary access control fixes. For BW Broadcast TX150 version 1.6.0, update the software to a version that includes the necessary access control fixes. For BW Broadcast TX1000 version 1.6.0, update the software to a version that includes the necessary access control fixes. For BW Broadcast TX30 version 1.6.0, update the software to a version that includes the necessary access control fixes. For BW Broadcast TX50 version 1.6.0, update the software to a version that includes the necessary access control fixes.

**Name of the Vulnerable Software and Affected Versions** DAEnetIP4 METO version 1.25 **Description** The issue is related to improper session management in the "/login ok.htm" endpoint, which allows attackers to execute a session hijacking attack. **Recommendations** For DAEnetIP4 METO version 1.25, consider restricting access to the "/login ok.htm" endpoint until a patch is available. As a temporary workaround, review and strengthen session management practices to minimize the risk of session hijacking attacks.

Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified) Description: A session hijacking issue exists in the web-based management interface, allowing unauthenticated attackers to access exposed log files at "/logs/debug/xteLog*" endpoints, potentially revealing sensitive session-related information such as session IDs (`sess id`) and authentication success tokens (`user check password OK`). This could enable attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified) Description: A critical information disclosure issue exists in the web-based management interface due to Incorrect Access Control. Unauthenticated attackers can access sensitive database backup files, such as `snapshot users.db`, via publicly exposed URLs, including "/logs/devcfg/snapshot/" and "/logs/devcfg/user/". This allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified) Description: A critical remote code execution issue exists in the web-based management interface of the affected transmitters when debugging mode is enabled. An attacker with a valid `sess id` can send specially crafted POST requests to the "/json" endpoint, enabling arbitrary command execution on the underlying system. This can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.