
Ninj4C0D3R

#17977 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-25542
7.5
2022-10-19
Ocomon · Ocomon · CVE-2022-40798
**Name of the Vulnerable Software and Affected Versions**
OcoMon version 4.0RC1

**Description**
The issue is an incorrect access control flaw that lets an attacker obtain a user's real email address by sending a specific request. By sending the same request with the correct email, it is possible to take over the account.

**Recommendations**
For OcoMon version 4.0RC1, consider restricting access to sensitive user information, such as email addresses, until a fix is available. As a temporary workaround, limit the ability to send requests that can lead to account takeover.
PT-2022-8690
7.5
2022-10-19
Asus · Asus Rt-N12+ · CVE-2020-23648
**Name of the Vulnerable Software and Affected Versions**
Asus RT-N12E version 2.0.0.39

**Description**
The issue is related to incorrect access control. An attacker can change the administrator password without authentication through the "system.asp" and "start apply.htm" API endpoints.

**Recommendations**
For Asus RT-N12E version 2.0.0.39, as a temporary workaround, consider restricting access to the "system.asp" and "start apply.htm" API endpoints until a patch is available. Avoid using these endpoints to change the administrator password until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.