Nanyu Zhong

**Name of the Vulnerable Software and Affected Versions** AiCloud versions prior to 3.0.0.4 386/388/0.6 102 **Description** An authentication bypass issue exists in AiCloud due to an unintended side effect of the Samba functionality. This allows execution of specific functions without proper authorization. The issue is described as a critical flaw with a CVSS score of 9.2. The vulnerability can be triggered through path traversal and OS command injection. There is no information available regarding the number of potentially affected devices worldwide or any real-world incidents where this issue was exploited. The vulnerability is related to the Samba functionality, which may involve the use of specific **API Endpoints** and the manipulation of parameters such as `file path` or `user credentials`. The vulnerability allows unauthorized access to router functions. **Recommendations** Update AiCloud to version 3.0.0.4 386/388/0.6 102 or later. As a temporary workaround, consider disabling remote services to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASUS AiCloud (affected versions not specified) **Description** A critical authentication control issue exists in ASUS AiCloud, potentially allowing attackers to bypass authentication and execute unauthorized functions on affected devices remotely. The vulnerability is triggered by a crafted request. The issue has a CVSS score of 9.2, indicating a high level of severity. It is reported to be actively exploited. While the exact number of potentially affected devices is not specified, the vulnerability poses a significant risk to users of ASUS routers with AiCloud enabled. The vulnerability allows remote attackers to execute functions on susceptible devices. **Recommendations** Update your ASUS router to the latest firmware version. If updating is not possible, disable AiCloud and any other services accessible from the internet, such as remote access from WAN, port forwarding, and VPN servers. Use strong, unique passwords for your network and devices.

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS326 versions through V5.21(AAZF.18)C0 Zyxel NAS542 versions through V5.21(ABAG.15)C0 **Description** A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. The vulnerability exists in the export-cgi program and allows an attacker to remotely execute operating system commands. **Recommendations** For Zyxel NAS326 versions through V5.21(AAZF.18)C0, apply the hotfix released by Zyxel to address the command injection vulnerability. For Zyxel NAS542 versions through V5.21(ABAG.15)C0, apply the hotfix released by Zyxel to address the command injection vulnerability. As a temporary workaround, consider disabling the export-cgi program until a patch is available. Restrict access to the vulnerable export-cgi program to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions V4.32 through V5.38 Zyxel USG FLEX series versions V4.50 through V5.38 Zyxel USG FLEX 50(W) series versions V4.16 through V5.38 Zyxel USG20(W)-VPN series versions V4.16 through V5.38 **Description** A buffer overflow vulnerability in the CGI program could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. The vulnerability is related to the lack of size checking for input data, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Zyxel ATP series versions V4.32 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG FLEX series versions V4.50 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG FLEX 50(W) series versions V4.16 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. For Zyxel USG20(W)-VPN series versions V4.16 through V5.38, update to a version that fixes the buffer overflow vulnerability in the CGI program. As a temporary workaround, consider restricting access to the CGI program to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB`, which can cause an out-of-bounds memory access. A user with read-only credentials can exploit this issue. To enhance protection, users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for those using SNMPv1 or SNMPv2c. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to resolve the issue. As a temporary workaround, consider using strong SNMPv3 credentials and avoiding the sharing of credentials. For users who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the nsVacmAccessTable component of the net-snmp software. This can be caused by a user with read-write credentials using a malformed OID in a SET to the nsVacmAccessTable. To protect against this, users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to apply the patch. As a temporary workaround, consider restricting access to the nsVacmAccessTable component until the patch is applied. Use strong SNMPv3 credentials and avoid sharing them. For SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the `NET-SNMP-AGENT-MIB::nsLogTable` function. A user with read-write credentials can use a malformed OID in a `SET` request to cause this issue. To mitigate the risk, users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** To resolve the issue, update to version 5.9.2 or later. As a temporary workaround, consider restricting access to the `NET-SNMP-AGENT-MIB::nsLogTable` function until a patch is applied. Use strong SNMPv3 credentials and avoid sharing them. For SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the `nsVacmAccessTable` function. A user with read-only credentials can exploit this by using a malformed OID in a `GET-NEXT` request to cause the dereference. This can potentially impact data integrity. Users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for added protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to apply the patch. Use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to an Improper Input Validation vulnerability in net-snmp, which can be exploited by a user with read-write credentials when setting malformed OIDs in the master agent and subagent simultaneously. This can allow a remote attacker to execute arbitrary actions. Users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to patch the vulnerability. As a temporary workaround, consider using strong SNMPv3 credentials and avoiding shared credentials. Restrict access to a given IP address range to minimize the risk of exploitation for users of SNMPv1 or SNMPv2c. Use a complex community string for additional protection when using SNMPv1 or SNMPv2c.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable`, which can cause an out-of-bounds memory access. A user with read-write credentials can exploit this issue. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later. As a temporary workaround, consider using strong SNMPv3 credentials and avoid sharing the credentials. For those who must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range.