Zhen-Gao Liu

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N300RT versions prior to V3.4.0-B20250430 **Description** The TOTOLINK N300RT wireless router firmware contains an OS command injection issue in the Boa formWsc handling functionality. An unauthenticated attacker can trigger command execution by sending specially crafted requests through the `targetAPSsid` parameter. **Recommendations** Update to version V3.4.0-B20250430 or later.

Name of the Vulnerable Software and Affected Versions: Digiever NVR (affected versions not specified) Description: Digiever NVR devices are susceptible to a sensitive information exposure issue. Unauthenticated remote attackers can access the system configuration file and obtain plaintext credentials for the NVR and connected cameras. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digiever NVR (affected versions not specified) **Description** Certain models of NVR developed by Digiever have an OS Command Injection vulnerability. This allows remote attackers to inject arbitrary OS commands and execute them on the device. Some reports indicate the vulnerability may be exploitable by unauthenticated attackers, while others state it requires authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.