S. Robertz

**Name of the Vulnerable Software and Affected Versions** dbus-broker versions prior to 31 **Description** An issue was discovered in dbus-broker where it depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied. **Recommendations** For versions prior to 31, update to version 31 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Exec line in the DBus service configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dbus-broker versions prior to 31 **Description** An issue was discovered in dbus-broker where multiple NULL pointer dereferences can occur when a malformed XML config file is supplied. **Recommendations** For versions prior to 31, update to version 31 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Infiray IRAY-A8Z3 version 1.0.957 **Description** An issue was discovered in the binary file /usr/local/sbin/webproject/set param.cgi, which contains hardcoded credentials to the web application. These accounts are considered backdoor accounts because they cannot be deactivated or have their passwords changed. The exploitation of this issue may allow a remote attacker to elevate their privileges. **Recommendations** For Infiray IRAY-A8Z3 version 1.0.957, consider disabling access to the /usr/local/sbin/webproject/set param.cgi file until a patch is available to remove the hardcoded credentials. Restrict access to the web application to minimize the risk of exploitation. Avoid using the affected accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infiray IRAY-A8Z3 version 1.0.957 **Description** The issue is related to a potential buffer overflow in the firmware of Infiray IRAY-A8Z3, caused by the function `strcpy()` being called without checking the string length beforehand. This could allow a remote attacker to execute arbitrary code. **Recommendations** For Infiray IRAY-A8Z3 version 1.0.957, consider disabling the use of the `strcpy()` function until a patch is available to prevent potential buffer overflow exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infiray IRAY-A8Z3 version 1.0.957 **Description** The issue is related to the webserver of the Infiray IRAY-A8Z3, which contains an endpoint that can execute arbitrary commands. This can be achieved by manipulating the `cmd string` URL parameter. The vulnerability is associated with incorrect code generation management, allowing an attacker to execute arbitrary code using the `cmd string` parameter. **Recommendations** For Infiray IRAY-A8Z3 version 1.0.957, as a temporary workaround, consider restricting access to the vulnerable endpoint or disabling the use of the `cmd string` parameter until a patch is available. Avoid using the `cmd string` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infiray IRAY-A8Z3 version 1.0.957 **Description** An issue was discovered in Infiray IRAY-A8Z3, where there is a blank root password for TELNET by default. This allows an attacker to gain root privileges by connecting through port 23. **Recommendations** For Infiray IRAY-A8Z3 version 1.0.957, consider changing the root password for TELNET to prevent unauthorized access. As a temporary workaround, restrict access to port 23 to minimize the risk of exploitation.