Secgrant

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW Spectrum Server version 4.2.0.32842 **Description** The issue allows attackers to access sensitive information via a crafted API call. **Recommendations** For Digital Watchdog DW Spectrum Server version 4.2.0.32842, consider restricting access to the API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** The issue allows unauthenticated attackers to view internal paths and scripts via web files. **Recommendations** For version A7.2.2 20211029, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** The issue allows attackers to access the core log file and perform session hijacking via a crafted session token. **Recommendations** For Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029, as a temporary workaround, consider restricting access to the core log file until a patch is available. Avoid using crafted session tokens in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** A cross-site scripting (XSS) issue was found in the bia oneshot.cgi component. This allows for potential malicious script execution. **Recommendations** For version A7.2.2 20211029, as a temporary workaround, consider disabling access to the bia oneshot.cgi component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** A command injection issue was found in the /admin/vca/bia/addacph.cgi component. This issue can be exploited through a crafted POST request. **Recommendations** For version A7.2.2 20211029, as a temporary workaround, consider restricting access to the /admin/vca/bia/addacph.cgi component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** A command injection issue was found in the /admin/curltest.cgi component. This issue can be exploited through a crafted POST request. **Recommendations** For version A7.2.2 20211029, as a temporary workaround, consider restricting access to the /admin/curltest.cgi component until a patch is available. Avoid using this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 **Description** A command injection issue was found in the /admin/vca/license/license tok.cgi component. This issue can be exploited through a crafted POST request. **Recommendations** For version A7.2.2 20211029, as a temporary workaround, consider restricting access to the /admin/vca/license/license tok.cgi component until a patch is available. Avoid using this component with crafted POST requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.