Osandamalith

**Name of the Vulnerable Software and Affected Versions** Alcatel OSPREY3 MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware prior to EE40 00 02.00 45 **Description** The issue concerns weak permissions set by the installer for certain directories, allowing local users to gain privileges. This is demonstrated by the potential to insert a Trojan horse ServiceManager.exe file into the "Web ConnectonEE40BackgroundService" directory. **Recommendations** For firmware versions prior to EE40 00 02.00 45, update the firmware to EE40 00 02.00 45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.1.6 **Description** The issue allows remote authenticated administrators to execute arbitrary PHP code via the `code` parameter to "admin/editusertag.php", related to the CreateTagFunction and CallUserTag functions. The vendor has reportedly stated that this behavior is considered "a feature, not a bug." **Recommendations** For CMS Made Simple version 2.1.6, consider disabling access to the "admin/editusertag.php" endpoint or restricting the use of the `code` parameter to prevent arbitrary PHP code execution until a resolution is provided by the vendor.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 5.5.45 and earlier Oracle MySQL Server versions 5.6.26 and earlier **Description** The issue is related to errors in the code of the Server: Parser subcomponent of the MySQL database management system. It allows a remote attacker to cause a denial of service. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols, resulting in the ability to cause a hang or frequently repeatable crash of the MySQL Server. **Recommendations** For Oracle MySQL Server versions 5.5.45 and earlier, update to a version later than 5.5.45 to resolve the issue. For Oracle MySQL Server versions 5.6.26 and earlier, update to a version later than 5.6.26 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK **Description** The issue concerns a default password set as `admin` for the admin account, making it easier for remote attackers to gain access through unspecified vectors. **Recommendations** For ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK, change the default admin password to a strong and unique password to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router with firmware W300V1.0.0a ZRD LK **Description** The issue concerns the storage of sensitive information under the web root with insufficient access control. This allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for the "basic/tc2wanfun.js" endpoint. **Recommendations** For ZTE ZXV10 W300 router with firmware W300V1.0.0a ZRD LK, consider restricting access to the "basic/tc2wanfun.js" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to "Forms/tools admin 1". **Recommendations** For ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK, as a temporary workaround, consider restricting access to the "Forms/tools admin 1" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.