Hitron · Hitron Coda-5310 · CVE-2022-47616
**Name of the Vulnerable Software and Affected Versions**
Hitron CODA-5310 (affected versions not specified)
**Description**
The vulnerability is an OS command injection: special elements used in an operating system command are not sufficiently neutralized. The connection test function on the management page applies insufficient filtering to specific parameters, so a remote attacker authenticated as an administrator can inject commands through it to execute arbitrary system commands, manipulate the system, or disrupt the service.
**Recommendations**
For Hitron CODA-5310, restrict access to the management page and the connection test function to minimize the risk of exploitation. As a temporary workaround, consider disabling the connection test function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.