Pagvac

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to 1.4.4 Mac OS X 10.5.8 Mac OS X 10.6 versions prior to 10.6.4 **Description** A cross-site request forgery (CSRF) issue exists in the web interface, allowing remote attackers to hijack the authentication of administrators for requests that change settings. **Recommendations** For CUPS versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. For Mac OS X 10.5.8, consider upgrading to a newer version of Mac OS X that includes the fix. For Mac OS X 10.6 versions prior to 10.6.4, update to Mac OS X 10.6.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera version 1.00R22 Cisco Linksys WVC54GCA wireless video camera version 1.00R24 Description: The issue allows remote attackers to obtain sensitive information, such as passwords, by reading the process memory of the SetupWizard.exe. This is related to the way the camera sends configuration data in response to a remote-management command from the Setup Wizard. Recommendations: For version 1.00R22, update the firmware to a version that addresses this issue. For version 1.00R24, update the firmware to a version that addresses this issue. As a temporary workaround, consider restricting access to the Setup Wizard remote-management command until a patch is available.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera firmware 1.00R22 Cisco Linksys WVC54GCA wireless video camera firmware 1.00R24 Description: The issue allows remote authenticated users to read arbitrary files in the img/ directory via a filename in the `next file` parameter. This can be exploited to read sensitive files, such as .htpasswd, to obtain the admin password. Recommendations: For firmware 1.00R22, avoid using the `next file` parameter in the img/main.cgi endpoint until the issue is resolved. For firmware 1.00R24, restrict access to the img/ directory to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the img/main.cgi endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera version 1.00R22 Cisco Linksys WVC54GCA wireless video camera version 1.00R24 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the `next file` parameter to API endpoints such as "main.cgi", "img/main.cgi", or "adm/file.cgi", or the `this file` parameter to the "adm/file.cgi" endpoint. Recommendations: For version 1.00R22, avoid using the `next file` parameter in the "main.cgi", "img/main.cgi", and "adm/file.cgi" API endpoints, and the `this file` parameter in the "adm/file.cgi" endpoint until a patch is available. For version 1.00R24, avoid using the `next file` parameter in the "main.cgi", "img/main.cgi", and "adm/file.cgi" API endpoints, and the `this file` parameter in the "adm/file.cgi" endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera versions 1.00R22 through 1.00R24 Description: The issue allows remote attackers to read arbitrary files via a %2e (encoded dot dot) or an absolute pathname in the `next file` parameter of the adm/file.cgi file. Recommendations: For versions 1.00R22 and 1.00R24, avoid using the `next file` parameter in the adm/file.cgi file until a fix is available. Restrict access to the adm/file.cgi file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera version 1.00R24 Cisco Linksys WVC54GCA wireless video camera version 1.00R22 Description: The issue allows remote attackers to read arbitrary files via an absolute pathname in the `this file` parameter. It is likely that traversal via a .. (dot dot) is also possible. Recommendations: For version 1.00R24, avoid using the `this file` parameter with absolute pathnames in the adm/file.cgi endpoint until a fix is available. For version 1.00R22, avoid using the `this file` parameter with absolute pathnames in the adm/file.cgi endpoint until a fix is available. As a temporary workaround, consider restricting access to the adm/file.cgi endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera versions 1.00R22 through 1.00R24 Description: The issue concerns the storage of sensitive information in cleartext. Specifically, passwords and wireless-network keys are stored in cleartext in `pass wd.htm` and `Wsecurity.htm`. This allows remote attackers to obtain sensitive information by reading the HTML source code. Recommendations: For versions 1.00R22 and 1.00R24, consider restricting access to the `pass wd.htm` and `Wsecurity.htm` files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CUPS versions 1.3.9 and earlier cups-devel version 1.2.4 cups-libs version 1.2.4 cups-lpd version 1.2.4 cups version 1.2.4 **Description** The issue allows local users, and possibly remote attackers, to cause a denial of service by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. This can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed remotely. **Recommendations** For CUPS versions 1.3.9 and earlier, consider disabling the RSS Subscriptions feature until a patch is available. For cups-devel version 1.2.4, restrict access to the vulnerable package to minimize the risk of exploitation. For cups-libs version 1.2.4, avoid using the vulnerable library in applications until the issue is resolved. For cups-lpd version 1.2.4, consider disabling the LPD service until a patch is available. For cups version 1.2.4, restrict access to the vulnerable package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWALL SonicOS Enhanced versions prior to 4.0.1.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering. This occurs because the content filtering system's block page does not properly handle the input, leading to a cross-site scripting (XSS) vulnerability. This can be used for "universal website hijacking." **Recommendations** For versions prior to 4.0.1.1, update to version 4.0.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BT Home Hub router (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and access administrative settings on the BT Home Hub router. This can be achieved by appending specific characters to the end of the PATH INFO, such as `%5C` (encoded backslash), `%` (percent), or `~` (tilde). This enables attackers to read or modify administrative settings or make arbitrary VoIP telephone calls. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Urchin versions 5.7.03 and earlier **Description** A cross-site scripting (XSS) issue exists in the session.cgi (login page) that allows remote attackers to inject arbitrary web script or HTML via the query string. This can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords. **Recommendations** For Google Urchin versions 5.7.03 and earlier, update to a version later than 5.7.03 to resolve the issue. As a temporary workaround, consider restricting access to the session.cgi page until a patch is available. Avoid using the query string in the login page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Centrality Communications (aka Aredfox) PA168 chipset and firmware versions 1.54 and earlier **Description** The issue concerns the admin web console, which does not require passwords or authentication tokens when using HTTP. This allows remote attackers to connect to existing superuser sessions, potentially obtaining sensitive information such as passwords and configuration data. **Recommendations** For firmware versions 1.54 and earlier, consider disabling HTTP access to the admin web console until a patch is available. Restrict access to the admin web console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BT Voyager 2091 Wireless firmware versions 2.21.05.08m A2pB018c1.d16d and earlier BT Voyager 2091 Wireless firmware versions 3.01m and earlier **Description** The issue allows remote attackers to bypass the authentication process and gain sensitive information. This can include configuration information via the "/btvoyager getconfig.sh" endpoint, PPP credentials via the "btvoyager getpppcreds.sh" endpoint, and decoding configuration credentials via the "btvoyager decoder.c" file. **Recommendations** For BT Voyager 2091 Wireless firmware versions 2.21.05.08m A2pB018c1.d16d and earlier, consider updating to a version later than 2.21.05.08m A2pB018c1.d16d to resolve the issue. For BT Voyager 2091 Wireless firmware versions 3.01m and earlier, consider updating to a version later than 3.01m to resolve the issue. As a temporary workaround, consider restricting access to the "/btvoyager getconfig.sh", "btvoyager getpppcreds.sh", and "btvoyager decoder.c" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Belkin 54g wireless routers (affected versions not specified) **Description** The issue is related to the improper setting of an administrative password, allowing remote attackers to gain access to the device. This can be done via the Telnet or web administration interfaces, specifically through endpoints such as the Telnet interface or the web administration interface. **Recommendations** For Belkin 54g wireless routers, set a strong administrative password to prevent unauthorized access. As a temporary workaround, consider disabling remote access via Telnet and the web administration interface until a proper password is set. Restrict access to the administration interfaces to minimize the risk of exploitation.