Runzi Zhao

**Name of the Vulnerable Software and Affected Versions** QVR Smart Client versions prior to 2.4.0.0570 **Description** An unquoted search path or element issue has been reported, which could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. **Recommendations** For QVR Smart Client versions prior to 2.4.0.0570, update to version 2.4.0.0570 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QVPN Device Client versions prior to 2.2.0.0823 **Description** A cleartext transmission of sensitive information issue has been reported, which could allow local authenticated administrators to read sensitive data via unspecified vectors. **Recommendations** For versions prior to 2.2.0.0823, update to QVPN Windows 2.2.0.0823 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QVPN Device Client versions prior to 2.1.0.0518 **Description** The issue is related to insufficient protection of credentials, which could allow local authenticated administrators to gain access to user accounts and sensitive data via unspecified vectors. **Recommendations** For versions prior to 2.1.0.0518, update to QVPN Windows 2.1.0.0518 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** QVPN Device Client versions prior to 2.0.0.1310 QVPN Device Client versions prior to 2.0.0.1316 **Description** The issue is related to an insecure library loading vulnerability. If exploited, it could allow local attackers who have gained user access to execute unauthorized code or commands. **Recommendations** For QVPN Device Client versions prior to 2.0.0.1310, update to version 2.0.0.1310 or later. For QVPN Device Client versions prior to 2.0.0.1316, update to version 2.0.0.1316 or later.

**Name of the Vulnerable Software and Affected Versions** QVR Pro Client versions prior to 2.3.0.0420 **Description** The issue is related to insufficient protection of registration data in QVR Pro Client, which may allow an attacker to gain unauthorized access to protected information. An insertion of sensitive information into the log file vulnerability has been reported, potentially providing local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. **Recommendations** For QVR Pro Client versions prior to 2.3.0.0420, update to version 2.3.0.0420 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.