Q. Kaiser

Name of the Vulnerable Software and Affected Versions: Evertz SDVN 3080ipx-10G (affected versions not specified) Description: The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. The device exposes a web management interface on port 80. This web management interface is susceptible to remote unauthenticated arbitrary command execution and authentication bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Evertz SDVN 3080ipx-10G (affected versions not specified) Description: The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. The device exposes a web management interface on port 80, which is susceptible to command injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evertz SDVN 3080ipx-10G (affected versions not specified) **Description** The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application that exposes a web management interface on port 80. This interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5400X versions prior to 1.1.7 TP-Link Archer C4500X versions through 1 1.1.6 Description: The issue is related to a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. This allows a remote unauthenticated attacker to gain arbitrary command execution on the device with elevated privileges. The problem is associated with the rftest binary file, which opens a network listener on TCP ports. Recommendations: For TP-Link Archer C5400X versions prior to 1.1.7, update to version 1.1.7 or later, which fixes the vulnerability by preventing the execution of commands with shell symbols. For TP-Link Archer C4500X versions through 1 1.1.6, consider disabling the "rftest" service as a temporary workaround until a patch is available. Restrict access to the vulnerable TCP ports (8888, 8889, and 8890) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetModule NSRW versions 4.3.0.0 through 4.3.0.118 NetModule NSRW versions 4.4.0.0 through 4.4.0.117 NetModule NSRW versions 4.6.0.0 through 4.6.0.104 NetModule NSRW versions 4.7.0.0 through 4.7.0.102 **Description** The NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. **Recommendations** For versions 4.3.0.0 through 4.3.0.118, update to version 4.3.0.119 or later. For versions 4.4.0.0 through 4.4.0.117, update to version 4.4.0.118 or later. For versions 4.6.0.0 through 4.6.0.104, update to version 4.6.0.105 or later. For versions 4.7.0.0 through 4.7.0.102, update to version 4.7.0.103 or later.

**Name of the Vulnerable Software and Affected Versions** Asus NAS-M25 versions through 1.0.1.7 **Description** The issue is related to an improper neutralization of special elements used in an OS command, allowing an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values, specifically through `cookie` values. **Recommendations** For Asus NAS-M25 versions through 1.0.1.7, as a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using unsanitized `cookie` values in OS commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. A vulnerability in the web filter database update function of the router's firmware is associated with errors in processing input data, potentially allowing a remote attacker to execute arbitrary code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue concerns the `http-endpoint` "cecc-x-web-viewer-request-on" `POST` request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue is related to the http-endpoint "cecc-x-acknerr-request" POST request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue concerns the `http-endpoint` "cecc-x-web-viewer-request-off" `POST` request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV Series Routers versions prior to the fixed version Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) **Description** The issue allows an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, and cause denial of service (DoS). This is due to multiple vulnerabilities in the Cisco Small Business RV Series Routers, including a stack-based buffer overflow vulnerability and a command injection vulnerability in the update-clients command. The vulnerability can be exploited by sending a specially crafted request, allowing a remote attacker to execute arbitrary commands. **Recommendations** For Cisco Small Business RV Series Routers, update to a version that contains a fix for this issue. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, consider disabling the `update-clients` command as a temporary workaround until a patch is available. Restrict access to the vulnerable web interface to minimize the risk of exploitation. Avoid using unsigned software and ensure that all software is properly validated before execution.