Simon Geusebroek

**Name of the Vulnerable Software and Affected Versions** XoruX LPAR2RRD versions prior to 7.30 STOR2RRD versions prior to 7.30 **Description** A password mismanagement situation exists because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields. **Recommendations** For XoruX LPAR2RRD versions prior to 7.30, update to version 7.30 or later to resolve the issue. For STOR2RRD versions prior to 7.30, update to version 7.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the device properties page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LPAR2RRD and STOR2RRD versions prior to 7.30 **Description** The issue concerns a hardcoded system account named `lpar2rrd` in XoruX LPAR2RRD and STOR2RRD. **Recommendations** For versions prior to 7.30, update to version 7.30 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XoruX LPAR2RRD and STOR2RRD versions prior to 7.30 **Description** A shell command injection in the HW Events SNMP community allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. **Recommendations** For versions prior to 7.30, update to version 7.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the HW Events SNMP community to minimize the risk of exploitation.