Robert Pogorzelski

**Name of the Vulnerable Software and Affected Versions** Device (affected versions not specified) **Description** The root user password is hardcoded into the device and cannot be changed in the user interface. Additionally, there is an issue where a user's browser may be forced to execute JavaScript and pass the authentication cookie to an attacker, leveraging an XSS vulnerability located at "/gui/terminal tool.cgi" in the `data` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the `destination` field of the network test tools. This issue is similar to a previously mitigated vulnerability, but it can still be exploited by sending POST requests directly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The router console is accessible without authentication at the `data` field. Although a user needs to be logged in to modify the configuration, the session state is shared. If another user is currently logged in, an anonymous user can execute commands in the context of the authenticated one. If the logged-in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows for the download of configuration backups without proper authorization. These backups contain passwords that can be decrypted using a hardcoded static key. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An authenticated user can upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows an attacker to force a user's browser to execute JavaScript and pass the authentication cookie, leveraging an XSS vulnerability. This vulnerability is located at the "/gui/terminal tool.cgi" endpoint, specifically in the `data` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The authentication cookies are generated using an algorithm based on the `username`, a hardcoded secret, and the up-time, and can be guessed in a reasonable time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue allows for an XSS attack by modifying the MOTD banner and redirecting the victim to the "terminal tool.cgi" path. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue concerns the visibility of the `tokenKey` value used in user authorization within the HTML source of the login page. This could potentially expose sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The authentication mechanism can be bypassed by overflowing the value of the `authentication` field in the Cookie, provided there is an active user session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.