S1Lky

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.7 **Description** The issue allows a user's password to be changed without prompting for the current password in the Dashboard. **Recommendations** For versions prior to 8.5.7, update to version 8.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Macally WIFISD2-2A82 Media and Travel Router version 2.000.010 **Description** The Guest user in the Macally WIFISD2-2A82 Media and Travel Router can reset its own password, which has a vulnerability that can be exploited to take over the administrator account, resulting in shell access. The admin user can read the /etc/shadow file, allowing the password hashes of each user, including root, to be dumped. The root hash can be cracked easily, leading to a complete system compromise. **Recommendations** For Macally WIFISD2-2A82 Media and Travel Router version 2.000.010, consider restricting the Guest user's ability to reset its own password as a temporary workaround until a patch is available. Additionally, limit access to the /etc/shadow file to prevent the dumping of password hashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.