Rollingchair

Name of the Vulnerable Software and Affected Versions: Clash versions up to 0.20.1 Description: A critical issue affects the Proxy Port component, leading to improper authentication. The attack can be initiated remotely. It is recommended to change the configuration settings. Recommendations: For versions up to 0.20.1, change the configuration settings to mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beijing Baichuo Smart S150 Management Platform version V31R02B15 **Description** A critical issue has been found, affecting an unknown function of the file /useratte/inc/userattea.php. This leads to improper access controls, allowing remote attacks. The exploit has been publicly disclosed. The vendor was contacted about this issue but did not respond. **Recommendations** For version V31R02B15, as a temporary workaround, consider restricting access to the file /useratte/inc/userattea.php until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S150 Management Platform version V31R02B15 **Description** A vulnerability has been found in the Byzoro Smart S150 Management Platform, affecting an unknown part of the file `/log/download.php` of the component Backup File Handler. This leads to information disclosure and can be initiated remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For version V31R02B15, as a temporary workaround, consider restricting access to the `/log/download.php` file until a patch is available. Additionally, restrict the use of the Backup File Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Viessmann Vitogate 300 versions up to 2.1.3.0 **Description** A vulnerability was found in the Viessmann Vitogate 300, affecting some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 2.1.3.0, as a temporary workaround, consider restricting access to the /cgi-bin/ file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.