Ph0S[4]

**Name of the Vulnerable Software and Affected Versions** SENEC Storage Box versions V1, V2, and V3 **Description** An unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data. **Recommendations** For versions V1, V2, and V3, restrict access to the logfiles to prevent unauthorized disclosure of sensitive data. As a temporary workaround, consider disabling remote access to the devices until a patch is available. Avoid using the devices' logfiles in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns devices that use publicly available default credentials with administrative privileges. This allows unauthorized access with elevated permissions. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SENEC Storage Box versions V1, V2, and V3 **Description** The issue concerns the accidental exposure of a management UI in the SENEC Storage Box, which can be accessed using publicly known admin credentials. This allows unauthorized access to the device's management interface. **Recommendations** For versions V1, V2, and V3, consider changing the admin credentials to a strong, unique password to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the management UI to minimize the risk of exploitation. Avoid using default or publicly known admin credentials in the affected management UI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue allows a remote unauthenticated attacker to capture and modify network traffic because sensitive information is transmitted unencrypted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.