Numanturle

**Name of the Vulnerable Software and Affected Versions** Zyxel VMG1312-B10D versions prior to 5.13(AAXA.8)C0 **Description** The issue is related to insufficient checks on directory path names, allowing a remote attacker to access restricted information using a specially crafted URL request containing `../` sequences. This can potentially lead to reading sensitive files, such as `/etc/passwd`. **Recommendations** For versions prior to 5.13(AAXA.8)C0, update to version 5.13(AAXA.8)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected directory traversal functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NUUO NVRmini devices (affected versions not specified) **Description** The issue allows for remote command execution via shell metacharacters in the `uploaddir` parameter for a "writeuploaddir" command in the "upgrade handle.php" file on NUUO NVRmini devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.