Trichimtrich

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) **Description** The issue allows an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, and cause denial of service (DoS). This is due to the failure to neutralize special elements used in the operating system command. The vulnerability can be exploited to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV340, RV340W, RV345, RV345P versions (affected versions not specified) Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) **Description** The issue exists due to insufficient input validation in the web interface of the Cisco Small Business routers' firmware. An attacker, acting remotely, can exploit this to disclose protected information or overwrite arbitrary files using a specially crafted HTTP request. The vulnerability could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS). **Recommendations** For Cisco Small Business RV340, RV340W, RV345, RV345P: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link AC1750 versions prior to 211210 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the NetUSB.ko kernel module, resulting from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For TP-Link AC1750 versions prior to 211210, update to a version 211210 or later to resolve the issue. As a temporary workaround, consider disabling the NetUSB.ko kernel module until a patch is available. Restrict access to the router to minimize the risk of exploitation. Avoid using the router until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR D7800 (affected versions not specified) NETGEAR R6220 (affected versions not specified) NETGEAR R6230 (affected versions not specified) NETGEAR R6400v2 (affected versions not specified) NETGEAR R7000 (affected versions not specified) NETGEAR R7800 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the NetUSB module, resulting from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of root. The exploitation can occur via port 20005. **Recommendations** For NETGEAR R6700v3 version 1.0.4.120 10.0.91, consider disabling the NetUSB module until a patch is available. For NETGEAR D7800, NETGEAR R6220, NETGEAR R6230, NETGEAR R6400v2, NETGEAR R7000, and NETGEAR R7800, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.3.x through 7.3.28 PHP versions 7.4.x through 7.4.20 PHP versions 8.0.x through 8.0.7 **Description** The issue is related to insufficient input validation in the Firebird PDO driver extension. A malicious database server could cause crashes in various database functions, such as `getAttribute()`, `execute()`, `fetch()`, and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service, or potentially memory corruption. **Recommendations** For PHP versions 7.3.x through 7.3.28, update to version 7.3.29 or later. For PHP versions 7.4.x through 7.4.20, update to version 7.4.21 or later. For PHP versions 8.0.x through 8.0.7, update to version 8.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** DokuWiki versions prior to 2017-02-19c **Description** The issue allows for stored XSS when rendering malicious RSS or Atom feeds, specifically in the /inc/parser/xhtml.php file. An attacker can exploit this by creating or editing a wiki that uses RSS or Atom data from an attacker-controlled server, triggering JavaScript execution. The JavaScript can be embedded in an author field, such as the dc:creator element. **Recommendations** For DokuWiki versions prior to 2017-02-19c, consider restricting the use of RSS or Atom feeds from untrusted sources until a patch is available. As a temporary workaround, avoid using the /inc/parser/xhtml.php file for rendering feeds from potentially malicious servers.

**Name of the Vulnerable Software and Affected Versions** DokuWiki versions prior to 2017-02-19c **Description** The issue concerns stored XSS when rendering a malicious language name in a code element, located in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. **Recommendations** For versions prior to 2017-02-19c, update to a version newer than 2017-02-19c to resolve the issue. As a temporary workaround, consider restricting access to the /inc/parser/xhtml.php file to minimize the risk of exploitation. Avoid using malicious language names in code elements until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SLiMS versions 8 Akasia through 8.3.1 **Description** The issue allows remote attackers to perform a complete account takeover by tricking a user into changing their password to an attacker-controlled one. This is possible because there is no CSRF mitigation and the user profile, including the password, can be updated without requiring the current password. The `passwd1` and `passwd2` fields in the `admin/modules/system/app user.php` endpoint, specifically when `changecurrent=true`, are vulnerable to this attack. **Recommendations** For SLiMS versions 8 Akasia through 8.3.1, consider implementing CSRF mitigation measures and require the current password to be sent when updating the user profile, including the password, to prevent unauthorized changes. As a temporary workaround, restrict access to the `admin/modules/system/app user.php` endpoint, especially when `changecurrent=true`, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DokuWiki versions prior to 2017-02-19b **Description** The issue concerns an XSS vulnerability in the `at` parameter, also known as the `DATE AT` variable, which is used in the "doku.php" endpoint. **Recommendations** For versions prior to 2017-02-19b, consider restricting access to the `at` parameter in the doku.php endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 2.5.2 **Description** A security issue was found that allows remote attackers to execute arbitrary JavaScript code. This occurs because the `filter` field in the manage user page.php file is not properly sanitized before being rendered in the Manage User page. This issue can be exploited if Content Security Policy (CSP) is disabled. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider enabling Content Security Policy (CSP) to minimize the risk of exploitation.