Sonicrr

**Name of the Vulnerable Software and Affected Versions** ATEN eco DC (affected versions not specified) **Description** The ATEN eco DC software contains a missing authorization flaw that can lead to privilege escalation. This issue allows unauthorized access and potential control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tibbo AggreGate Network Manager (affected versions not specified) **Description** The issue is related to an unrestricted file upload vulnerability. This allows an authenticated user with low privileges to upload a jsp shell, which can then execute code with the privileges of the user running the web server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-800MB version 1.0.1.0 **Description** A critical issue was found in the component POST Request Handler, where the manipulation of the `DeviceURL` argument leads to os command injection. This allows an attacker to execute arbitrary commands or cause a denial of service. The attack can be launched remotely. **Recommendations** For TRENDnet TEW-800MB version 1.0.1.0, as a temporary workaround, consider restricting access to the POST Request Handler component until a patch is available. Avoid using the `DeviceURL` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-822DRE version 1.03B02 **Description** A critical issue affects the file /admin ping.htm of the component POST Request Handler. The manipulation of the `ipv4 ping`/`ipv6 ping` argument leads to command injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For TRENDnet TEW-822DRE version 1.03B02, as a temporary workaround, consider restricting access to the /admin ping.htm file until a patch is available. Avoid using the `ipv4 ping` and `ipv6 ping` arguments in the affected POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-815DAP version 1.0.2.0 **Description** A critical issue affects the `do setNTP` function of the POST Request Handler component. The manipulation of the `NtpDstStart`/`NtpDstEnd` argument leads to command injection, allowing remote attackers to execute arbitrary commands. The exploit has been publicly disclosed. **Recommendations** For TRENDnet TEW-815DAP version 1.0.2.0, as a temporary workaround, consider disabling the `do setNTP` function until a patch is available. Restrict access to the POST Request Handler component to minimize the risk of exploitation. Avoid using the `NtpDstStart` and `NtpDstEnd` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.