Zixian

**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10 **Description** The issue is related to a CSRF vulnerability in the mc-admin/conf.php file. This vulnerability can be exploited to change the administrator account password. **Recommendations** For MiniCMS version 1.10, update the software to a version that includes a fix for this issue, or as a temporary workaround, consider implementing CSRF protection measures to prevent unauthorized password changes.

**Name of the Vulnerable Software and Affected Versions** Huawei WS331a versions prior to V100R001C01B112 **Description** The issue affects Huawei WS331a routers, allowing remote attackers to hijack the authentication of administrators. This can be done through cross-site request forgery (CSRF) vulnerabilities for requests that restore factory settings or reboot the device. **Recommendations** For versions prior to V100R001C01B112, update to V100R001C01B112 or later to resolve the issue. As a temporary workaround, consider restricting access to the router's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Huawei WS331a versions prior to WS331a-10 V100R001C01B112 **Description** The issue allows remote attackers to bypass authentication and obtain administrative access by sending special packages to the LAN interface. **Recommendations** For versions prior to WS331a-10 V100R001C01B112, update to WS331a-10 V100R001C01B112 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tenda A32 Router version 5.07.53 CN **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to "goform/SysToolReboot". **Recommendations** For Tenda A32 Router version 5.07.53 CN, consider disabling access to the "goform/SysToolReboot" endpoint until a patch is available to prevent remote attackers from rebooting the device.

**Name of the Vulnerable Software and Affected Versions** Konke Smart Plug K (affected versions not specified) **Description** The issue concerns the lack of authentication for TELNET sessions, allowing remote attackers to gain equipment management authority via TCP traffic to port 23. This can enable a remote attacker to manage the device with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.