Usman Saeed

**Name of the Vulnerable Software and Affected Versions** ZTE ZXHN H168N versions V2.2.0 PK1.2T5, V2.2.0 PK1.2T2, V2.2.0 PK11T7, V2.2.0 PK11T **Description** The issue is related to improper access control, which may allow an unauthorized user to gain unauthorized access. **Recommendations** For versions V2.2.0 PK1.2T5, V2.2.0 PK1.2T2, V2.2.0 PK11T7, V2.2.0 PK11T, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXHN H168N versions V2.2.0 PK1.2T5, V2.2.0 PK1.2T2, V2.2.0 PK11T7, V2.2.0 PK11T **Description** The issue is related to an improper change control, which may allow an unauthorized user to perform unauthorized operations. **Recommendations** For versions V2.2.0 PK1.2T5, V2.2.0 PK1.2T2, V2.2.0 PK11T7, V2.2.0 PK11T, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei B315s-22 version 21.318.01.00.26 Description: The issue is an information leak that allows unauthenticated adjacent attackers to obtain device information. Recommendations: For version 21.318.01.00.26, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer C1200 version 1.13 Build 2018/01/24 rel.52299 **Description** The issue concerns a problem where devices are affected by XSS via the PATH INFO to the "/webpages/data" URI. **Recommendations** For TP-Link Archer C1200 version 1.13 Build 2018/01/24 rel.52299, avoid using the /webpages/data URI until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cherokee Web Server version 0.5.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in the daemon crashing. This can be achieved by including an MS-DOS reserved word in a URI. For example, using the AUX reserved word can demonstrate this issue. **Recommendations** For Cherokee Web Server version 0.5.4, consider restricting access to the server to prevent remote attackers from exploiting this issue until a patch is available. As a temporary workaround, avoid using MS-DOS reserved words in URIs to minimize the risk of daemon crashes.

**Name of the Vulnerable Software and Affected Versions** Motorola Wimax modem CPEi300 (affected versions not specified) **Description** The issue allows remote authenticated users to read arbitrary files due to a directory traversal vulnerability in sysconf.cgi. This is achieved by including a .. (dot dot) in the `page` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Wimax modem CPEi300 (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It affects the sysconf.cgi component, allowing remote authenticated users to inject arbitrary web script or HTML via the `page` parameter in the "/sysconf.cgi" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.