
Monologue

#16536 of 53,624
16.3 Total CVSS
Vulnerabilities · 2
High: 2
PT-2024-38524
7.5
2024-08-12
Unknown · Weaver E-Cology · CVE-2024-7704
**Name of the Vulnerable Software and Affected Versions**
Weaver e-cology version 8

**Description**
A vulnerability was found in the Source Code Handler component of Weaver e-cology, affecting an unknown function of the file /cloudstore/ecode/setup/ecology dev.zip. This issue leads to information disclosure and can be exploited remotely.

**Recommendations**
For Weaver e-cology version 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-9038
8.8
2024-07-11
Totolink · Totolink X18 · CVE-2024-10966
Name of the Vulnerable Software and Affected Versions:
TOTOLINK X18 version 9.1.0cu.2024 B20220329

Description:
A critical issue has been found in the TOTOLINK X18, affecting some unknown functionality of the file /cgi-bin/cstecgi.cgi. Manipulation of the `enable` argument leads to OS command injection. This issue may be exploited remotely. The exploit has been disclosed to the public.

Recommendations:
For version 9.1.0cu.2024 B20220329, update to the latest firmware immediately to mitigate risks. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file until a patch is available. Avoid using the `enable` argument in the affected API endpoint until the issue is resolved.