Rethesis

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An unauthenticated debug service is exposed on TCP port 9000. This allows a LAN-based attacker to execute arbitrary UCC commands via the '/sbin/mtk dut' binary. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Predator Connect W6x (affected versions not specified) **Description** The Wi-Fi device blocking feature fails to sanitize MAC address input, which allows for the injection and execution of arbitrary shell commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acer Connect (affected versions not specified) **Description** Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing potentially unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Predator Connect W6x (affected versions not specified) **Description** Improper access control in the MQTT broker allows unauthorized actors to use wildcard topic subscriptions, which exposes all MQTT traffic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008 **Description** Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication. **Recommendations** Update to firmware W6x GBL 2.00.000008.