Yu-Chi Ding

**Name of the Vulnerable Software and Affected Versions** Synology SSL VPN Client versions prior to 1.2.5-0226 **Description** The issue is related to a lack of administrator control over security vulnerabilities in the client.cgi component. This allows remote attackers to conduct man-in-the-middle attacks by manipulating the `command`, `hostname`, or `port` parameters. **Recommendations** For versions prior to 1.2.5-0226, update to version 1.2.5-0226 or later to resolve the issue. As a temporary workaround, consider restricting access to the client.cgi component to minimize the risk of exploitation. Avoid using the `command`, `hostname`, or `port` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synology SSL VPN Client versions prior to 1.2.4-0224 **Description** The issue is related to an improper restriction of communication channels, allowing remote attackers to conduct man-in-the-middle attacks via a crafted payload. This affects the HTTP daemon in the Synology SSL VPN Client. **Recommendations** For versions prior to 1.2.4-0224, update to version 1.2.4-0224 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fortinet FortiWan versions prior to 4.2.5 **Description** The issue concerns the diagnosis control.php page, where remote authenticated users can download PCAP files. This is related to the `UserName` GET parameter. **Recommendations** For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the diagnosis control.php page until the update is applied. Avoid using the `UserName` parameter in the affected page to minimize the risk of exploitation.