Navina Asrani

**Name of the Vulnerable Software and Affected Versions** Intex N150 devices (affected versions not specified) **Description** An issue was discovered where the backup/restore option does not check the file extension uploaded for importing configuration files backup. This can lead to corrupting the router firmware settings or the uploading of malicious files. To exploit this, an attacker can upload any malicious file and force reboot the router with it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intex N150 (affected versions not specified) **Description** An issue was discovered that affects the router firmware, allowing for multiple CSRF injection points. This includes the ability to change user passwords and modify router settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Typesetter version 5.1 **Description** A critical issue was discovered where the User Permissions page, also known as Admin/Users, is affected by a Cross Site Request Forgery flaw. This allows a malicious user to trick another user into unknowingly creating, deleting, or modifying a user account due to the absence of an anti-CSRF token. **Recommendations** For Typesetter version 5.1, consider implementing an anti-CSRF token on the User Permissions page to prevent Cross Site Request Forgery attacks. As a temporary workaround, restrict access to the Admin/Users page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Typesetter version 5.1 **Description** An issue was discovered in Typesetter, which suffers from a Host header injection vulnerability. This allows a malicious user to poison the web cache, perform advanced password reset attacks, or trigger arbitrary user re-direction. **Recommendations** For version 5.1, consider restricting access to sensitive features until a patch is available. As a temporary workaround, review and limit the use of the Host header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.