Piotr Kijewski

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. (affected versions not specified) Description: An attacker could exploit this issue by uploading arbitrary files via a specific service, potentially leading to system compromise. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. (affected versions not specified) Description: An attacker could exploit this vulnerability by uploading arbitrary files via a specific endpoint, potentially leading to unauthorized remote code execution or system compromise. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: INFINITT PACS System Manager (affected versions not specified) Description: The INFINITT PACS System Manager allows unauthorized users to gain access without proper authorization, potentially leading to unauthorized access to system resources. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeoVision GV-VS12 (affected versions not specified) GeoVision GV-VS11 (affected versions not specified) GeoVision GV-DSP LPR V3 (affected versions not specified) GeoVision GVLX 4 V2 (affected versions not specified) GeoVision GVLX 4 V3 (affected versions not specified) **Description** Certain end-of-life (EOL) devices contain an OS Command Injection flaw, which occurs due to the improper neutralization of special elements used in operating system commands. This allows unauthenticated remote attackers to inject and execute arbitrary system commands on the device by sending specially crafted network requests. Approximately 17,000 devices worldwide are estimated to be vulnerable. This issue has been actively exploited by a sophisticated botnet, similar to Mirai, to compromise devices for DDoS attacks and cryptocurrency mining. Signs of infection include device overheating and decreased performance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.