Rei Yano

**Name of the Vulnerable Software and Affected Versions** Pimax products (affected versions not specified) **Description** The issue concerns the implementation of the WebSocket protocol in Pimax applications for launching and managing Pimax Play games and PiTool software for configuring and calibrating VR equipment. Exploitation of this issue may allow a remote attacker to execute arbitrary code. Multiple Pimax products are affected, accepting WebSocket connections from unintended endpoints, which could lead to arbitrary code execution by a remote unauthenticated attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR switching hubs GS716Tv2 versions 5.4.2.30 and earlier NETGEAR switching hubs GS724Tv3 versions 5.4.2.30 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators and alter the device settings via unspecified vectors. **Recommendations** For NETGEAR switching hubs GS716Tv2 versions 5.4.2.30 and earlier, update to a version later than 5.4.2.30 to resolve the issue. For NETGEAR switching hubs GS724Tv3 versions 5.4.2.30 and earlier, update to a version later than 5.4.2.30 to resolve the issue.