Ronjor

**Name of the Vulnerable Software and Affected Versions** Flash Seats Mobile App for Android versions 1.7.9 and earlier Flash Seats Mobile App for iOS versions 1.9.51 and earlier **Description** The issue is related to the failure of the Flash Seats Mobile App to properly validate SSL certificates provided by HTTPS connections. This failure may enable an attacker to conduct man-in-the-middle (MITM) attacks. **Recommendations** For Android versions 1.7.9 and earlier, update to a version that properly validates SSL certificates. For iOS versions 1.9.51 and earlier, update to a version that properly validates SSL certificates.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-130 version 1.23 D-Link DIR-330 version 1.12 **Description** The issue allows a remote attacker to bypass authentication on the remote login page. By manipulating the POST request, an attacker can access administrator-only pages, such as `tools admin.asp`, without credentials. **Recommendations** For D-Link DIR-130 version 1.23, update the firmware to a version that addresses the authentication bypass issue. For D-Link DIR-330 version 1.12, update the firmware to a version that addresses the authentication bypass issue. As a temporary workaround, consider restricting access to the remote management login page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-130 version 1.23 D-Link DIR-330 version 1.12 **Description** The issue concerns insufficient protection of administrator credentials. Specifically, the tools admin.asp page returns the administrator password in base64 encoding, allowing a remote attacker with access to this page to obtain administrator credentials. This could potentially be exploited through an authentication bypass. **Recommendations** For D-Link DIR-130 version 1.23, consider restricting access to the tools admin.asp page until a fix is available. For D-Link DIR-330 version 1.12, avoid using the administrator credentials in the affected page until the issue is resolved. As a temporary workaround, consider disabling access to the `tools admin.asp` page to minimize the risk of exploitation.