Shiky8

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A security issue exists in the `deletefile` function of the `FsBrowseClean` component. Manipulation of the `dir/path` argument results in missing authorization. The attack can be initiated remotely and has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. The issue involves improper access controls within an unknown function of the `/Technostrobe/` file in the Endpoint component. The vulnerability can be exploited remotely. The exploit has been made public and multiple endpoints are affected. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A flaw exists in the `index config` function within the `/LoginCB` file, leading to improper authentication. This issue is remotely exploitable, and details of the exploit have been publicly disclosed. The vendor was notified but did not respond. Recommendations Disable or restrict access to the `/LoginCB` file as a temporary mitigation.

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of the `File` argument within an unknown function of the `/fs` file in the Configuration Data Handler component can lead to information disclosure. This attack can be launched remotely. The exploit is publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A security flaw exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of an unknown function can lead to cross-site request forgery. This attack can be initiated remotely, and the exploit has been publicly released. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A weakness exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. This impacts an unknown function within the `/fs` file. Manipulation of the `cwd` argument can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made publicly available. Recommendations Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30: Due to the public availability of an exploit, immediate attention is required. As a temporary workaround, restrict access to the `/fs` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem version 2.5.1 **Description** A flaw in access control within the Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem firmware allows attackers to modify the Administrator password and gain elevated privileges. This is achieved by submitting a specially crafted POST request to the `/Forms/admin access 1` API endpoint. The vulnerability allows unauthorized modification of administrative credentials. **Recommendations** Apply updates to address the access control issue in the affected modem firmware version 2.5.1.

**Name of the Vulnerable Software and Affected Versions** Nautel VX Series transmitters VX SW versions 6.4.0 and below **Description** The issue is related to a remote code execution (RCE) vulnerability in the firmware update process. This allows attackers to execute arbitrary code by supplying a crafted update package to the "/#/software/upgrades" endpoint. **Recommendations** For Nautel VX Series transmitters VX SW versions 6.4.0 and below, consider disabling access to the "/#/software/upgrades" endpoint until a patch is available. As a temporary workaround, restrict the ability to supply update packages to trusted sources only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WorldCast Systems ECRESO FM/DAB/TV Transmitter version 1.10.1 **Description** The issue allows authenticated attackers to escalate privileges via a crafted JSON payload. **Recommendations** For WorldCast Systems ECRESO FM/DAB/TV Transmitter version 1.10.1, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information.

**Name of the Vulnerable Software and Affected Versions** Elber REBLE310 Firmware version 5.5.1.R **Description** The issue is related to improper session management, which allows attackers to execute a session hijacking attack. This can be exploited in the Elber REBLE310 equipment with the model number REBLE310/RX10/4ASI. **Recommendations** For Elber REBLE310 Firmware version 5.5.1.R, update to a newer version that addresses the improper session management issue to prevent session hijacking attacks. As a temporary workaround, consider restricting access to sensitive sessions and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware versions 1.0.5x through 1.0.7x **Description** An information disclosure issue in the `/socket.io/1/websocket/` component allows attackers to access Administrator credentials in plaintext. **Recommendations** For Firmware versions 1.0.5x through 1.0.7x, consider restricting access to the `/socket.io/1/websocket/` endpoint until a patch is available. As a temporary workaround, avoid using the Administrator credentials in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.