Nich0Las

**Name of the Vulnerable Software and Affected Versions** npitre cramfs-tools versions prior to 2.3 **Description** A local issue exists in the `change file status()` function within the `cramfsck.c` file. A manipulation of this function allows for symlink following, which occurs when a program follows a symbolic link to a target file, potentially allowing access to unauthorized files. **Recommendations** Apply the patch b4a3a695c9873f824907bd15659f2a6ac7667b4f to resolve the issue. As a temporary workaround, restrict access to the `change file status()` function in `cramfsck.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** npitre cramfs-tools versions prior to 2.2 **Description** A path traversal issue exists in the Directory Handler component within the `do directory()` function of the `cramfsck.c` file. This flaw allows a local attacker to perform path traversal, which involves accessing files or directories outside the intended folder by manipulating file paths. **Recommendations** Update to version 2.2.

**Name of the Vulnerable Software and Affected Versions** Belkin F9K1009 versions 2.00.04 through 2.00.09 Belkin F9K1010 versions 2.00.04 through 2.00.09 **Description** A critical issue exists in the Web Interface component due to hard-coded credentials. This allows for remote attacks. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Belkin F9K1009 version 2.00.04: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1009 version 2.00.05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1009 version 2.00.06: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1009 version 2.00.07: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1009 version 2.00.08: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1009 version 2.00.09: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.04: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.06: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.07: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.08: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Belkin F9K1010 version 2.00.09: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TI-G160i versions up to 20250724 TRENDnet TI-PG102i versions up to 20250724 TRENDnet TPL-430AP versions up to 20250724 **Description** A critical vulnerability exists in the SSH Service component of TRENDnet devices. The issue involves the use of default credentials, allowing for remote attacks. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** TRENDnet TI-G160i versions up to 20250724: Change the default credentials for the SSH Service immediately. TRENDnet TI-PG102i versions up to 20250724: Change the default credentials for the SSH Service immediately. TRENDnet TPL-430AP versions up to 20250724: Change the default credentials for the SSH Service immediately.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-890L versions up to 111b04 **Description** A critical issue has been identified in D-Link DIR-890L. The vulnerability relates to the processing of the `rgbin` file within the UART Port component, leading to the exposure of hard-coded credentials. This issue can be exploited on a physical device. The exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** Versions prior to 111b05: At the moment, there is no information about a newer version that contains a fix for this vulnerability.