Spaceraccoon

**Name of the Vulnerable Software and Affected Versions** Aver PTC320UV2 version 0.1.0000.65 **Description** A command injection issue exists in the web management interface that allows an unauthenticated attacker to execute arbitrary commands by sending a specially crafted web request. Command injection is a flaw that allows an attacker to execute operating system commands on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo C260 version 1 **Description** A guest-level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation. The issue is due to insufficient access control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo C260 version v1 **Description** A flaw exists in the firmware of the TP-Link Tapo C260 IP camera related to incorrect path restriction of the directory path name. Successful exploitation allows a remote attacker to gain unauthorized access to protected information. Specifically, a path traversal issue is present due to improper handling of specific GET request paths via https. An attacker on the local network can determine if certain files exist on the device. No read, write, or code execution possibilities are present. The vulnerable request is sent via the ''https'' protocol. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo C260 version 1 **Description** A command injection issue exists in the TP-Link Tapo C260 v1 due to insufficient input validation of certain POST parameters during configuration synchronization. A successful exploit by an authenticated attacker could allow for the execution of arbitrary system commands, potentially leading to a complete compromise of the device, impacting confidentiality, integrity, and availability. The vulnerability allows an attacker to execute arbitrary code through specific POST request parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nextcloud server versions prior to 22.2.8 Nextcloud server versions prior to 23.0.5 Nextcloud server versions prior to 24.0.1 **Description** The Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. This depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. **Recommendations** For versions prior to 22.2.8, upgrade to version 22.2.8 or later. For versions prior to 23.0.5, upgrade to version 23.0.5 or later. For versions prior to 24.0.1, upgrade to version 24.0.1 or later. As a temporary workaround, consider sanitizing newlines to mitigate arbitrary SMTP command injection.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Calendar versions prior to 3.2.2 **Description** The issue concerns SMTP Command Injection in appointment emails. It occurs because newlines and special characters in the email value within the JSON request are not sanitized. This allows a malicious attacker to inject newlines, breaking out of the `RCPT TO:<BOOKING USER'S EMAIL>` SMTP command and enabling the injection of arbitrary SMTP commands. **Recommendations** For versions prior to 3.2.2, upgrade to version 3.2.2 to resolve the issue. At the moment, there are no workarounds available for this issue.

**Name of the Vulnerable Software and Affected Versions** accel-pppd (affected versions not specified) **Description** The issue arises from a buffer overflow vulnerability in the `rad packet recv` function, located in `opt/src/accel-pppd/radius/packet.c`. This vulnerability occurs because user input `len` is copied into a fixed buffer `&attr->val.integer` without any bound checks. When a client connects to the server and sends a large radius packet, this buffer overflow vulnerability can be triggered. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeRADIUS (affected versions not specified) **Description** The issue is related to a memcpy buffer overflow in the `rad packet recv` function, located in `radius/packet.c`. This overflow occurs due to an overly-large `recvfrom` into a fixed buffer, causing a buffer overflow that overwrites arbitrary memory. The vulnerability can be remotely triggered by crafted client requests if the server connects with a malicious client. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.