Tomas Bortoli

**Name of the Vulnerable Software and Affected Versions** Cloud Media Popcorn A-200 version 03-05-130708-21-POP-411-000 **Description** An issue was discovered where the device is configured to provide TELNET remote access without a password, allowing an attacker to gain root access if they can connect to port 23. This allows for complete compromise of the device. **Recommendations** For Cloud Media Popcorn A-200 version 03-05-130708-21-POP-411-000, consider disabling TELNET remote access as a temporary workaround to minimize the risk of exploitation. Restrict access to port 23 to prevent unauthorized connections.

**Name of the Vulnerable Software and Affected Versions** Eminent EM4544 version 9.10 **Description** An issue allows changing the admin password to an attacker-chosen value without knowing the current password, potentially through exploitation in combination with a successful XSS or at an unattended workstation. **Recommendations** For Eminent EM4544 version 9.10, consider restricting access to the web interface to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the ability to change the admin password within the web interface to require the current password.