Zeke

Name of the Vulnerable Software and Affected Versions: Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60 Description: A critical vulnerability was found in the Web-based Management Interface component of the affected systems, specifically affecting the file /setupA.cfg. This issue leads to missing authentication. To exploit this vulnerability, access to the local network is required, and the complexity of the attack is considered high, making exploitation difficult. The exploit has been publicly disclosed. Recommendations: For Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60, as a temporary workaround, consider restricting access to the Web-based Management Interface until a patch is available. Additionally, restrict access to the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Papendorf SOL Connect Center version 3.3.0.0 **Description** A vulnerability was found in the Web Interface component, leading to missing authentication. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Papendorf SOL Connect Center version 3.3.0.0, consider restricting access to the Web Interface component until a patch is available. As a temporary workaround, ensure that all remote connections require additional authentication mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eGauge EG3000 Energy Monitor version 3.6.3 **Description** A problematic issue was found in the Setting Handler component, leading to missing authentication. This can be exploited remotely. The exploit has been disclosed publicly. **Recommendations** For version 3.6.3, consider restricting access to the Setting Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321 **Description** A vulnerability classified as problematic was found in the affected devices, leading to missing authentication. The manipulation can be launched remotely, and the exploit has been disclosed to the public. The vendor was contacted early about this disclosure but did not respond in any way. The attack affects an unknown functionality. **Recommendations** For Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321, consider restricting remote access until a fix is available. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TV-IP121W version 1.1.1 Build 36 **Description** A critical vulnerability has been found in the Web Interface of TRENDnet TV-IP121W, affecting an unknown functionality of the file /admin/setup.cgi. This vulnerability leads to improper authentication and can be exploited remotely. **Recommendations** For TRENDnet TV-IP121W version 1.1.1 Build 36, as a temporary workaround, consider restricting access to the `/admin/setup.cgi` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N versions up to 1.30 **Description** A critical vulnerability has been found in the Administrative Interface of the affected Sony cameras, allowing for the use of default credentials. This issue can be exploited remotely, but the complexity of the attack is considered high and the exploitability is difficult. The vendor has confirmed the existence of the vulnerability and recommends changing the initial passwords. A 'Hardening Guide' has been published to inform customers of the recommendation to change their initial passwords. **Recommendations** For Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N versions up to 1.30, it is recommended to change the configuration settings, specifically the initial passwords, to prevent the use of default credentials.