Vangelis Stykas

**Name of the Vulnerable Software and Affected Versions** Swann SWWHD-INTCAM-HD devices (affected versions not specified) **Description** The issue allows for FTP access as root due to the presence of the twipc root password. It is noted that all affected customers were migrated by 2020-08-31. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Swann SWWHD-INTCAM-HD devices (affected versions not specified) **Description** The issue concerns Swann SWWHD-INTCAM-HD devices, which leave the Pre-Shared Key (PSK) in logs even after a factory reset. All affected customers were migrated by 2020-08-31. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Navarino Infinity web interface versions up to 2.2 **Description** The issue allows for blind SQL injection through an unauthenticated script in the web interface, potentially leading to the compromise of the product by exposing information from the underlying PostgreSQL database. The script is accessible without authentication. **Recommendations** For Navarino Infinity web interface versions up to 2.2, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the unauthenticated script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Navarino Infinity (affected versions not specified) **Description** The issue allows for session fixation attacks. The server accepts the session ID as a GET parameter, which can be exploited to bypass two-factor authentication in some installations. This could lead to phishing attacks that can bypass the two-factor authentication present in some installations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Navarino Infinity versions prior to 2.3 **Description** The issue allows certain Navarino Infinity functions, when placed in the URL, to bypass authentication mechanisms. This can lead to an information leak. **Recommendations** For versions prior to 2.3, update to version 2.3 or later to resolve the issue.