Rvz

**Name of the Vulnerable Software and Affected Versions** Netmaker versions prior to 1.5.0 **Description** An authentication bypass exists because the `VerifyHostToken()` function in logic/jwts.go does not validate the JWT (JSON Web Token) signature when verifying host tokens. This allows an attacker to forge a JWT signed with an arbitrary key to impersonate any host in the network and access sensitive information. **Recommendations** Update to version 1.5.0 or later. As a temporary workaround, restrict access to the `VerifyHostToken()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** LB-Link BL-CPE300M version 01.01.02P42U14 06 **Description** A cross-site scripting (XSS) vulnerability exists in the web interface of the router. The `/goform/goform get cmd process` API endpoint fails to sanitize user input in the `cmd` parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when a crafted URL is accessed. The issue requires user interaction to exploit. **Recommendations** Ensure proper input sanitization is implemented for the `cmd` parameter in the `/goform/goform get cmd process` endpoint.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer A20 v3 version 1.0.6 Build 20231011 rel.85717(5553) **Description** The issue arises from improper handling of directory listing paths in the web interface, allowing for Cross-site Scripting (XSS) attacks. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This enables an attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. **Recommendations** For TP-Link Archer A20 v3 version 1.0.6 Build 20231011 rel.85717(5553), consider disabling access to the web interface until a patch is available to prevent potential exploitation. Restrict access to the router's web page to minimize the risk of XSS attacks. Avoid using the router's web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** angular-base64-upload versions prior to v0.1.21 **Description** The issue is related to the angular-base64-upload library, which has a vulnerability that allows an attacker to execute arbitrary code on the server by uploading a specially crafted file. This is due to incorrect restriction of the directory path name with limited access. The exploitation of this vulnerability can lead to the execution of previously uploaded content, enabling the attacker to achieve code execution on the server. The vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For versions prior to v0.1.21, update to version v0.1.21 or later to resolve the issue. As a temporary workaround, consider disabling the demo/server.php endpoint until a patch is available. Restrict access to the demo/uploads endpoint to minimize the risk of exploitation. Avoid using the angular-base64-upload library until the issue is resolved.