Yerodin Richards

**Name of the Vulnerable Software and Affected Versions** Nexxt Amp300 ARN02304U8 version 42.103.1.5095 Nexxt Amp300 ARN02304U8 version 80.103.2.5045 **Description** The web service on Nexxt Amp300 ARN02304U8 devices allows remote OS command execution by placing &telnetd in the JSON `host` field to the "ping" feature of the "goform/sysTools" component. Authentication is required. **Recommendations** For version 42.103.1.5095, consider disabling the "goform/sysTools" component until a patch is available. For version 80.103.2.5045, restrict access to the "ping" feature of the "goform/sysTools" component to minimize the risk of exploitation. Avoid using the `host` field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmartRG SR506n version 2.5.15 SmartRG SR510n version 2.6.13 **Description** The issue allows for Remote Code Execution (RCE) via the ping host feature. **Recommendations** For SmartRG SR506n version 2.5.15, consider disabling the ping host feature until a patch is available. For SmartRG SR510n version 2.6.13, consider disabling the ping host feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.