Zty-1995

Name of the Vulnerable Software and Affected Versions: Ruijie NBR800G gateway version NBR RGOS 11.1(6)B4P9 Description: The issue is a command execution vulnerability that occurs in the /itbox pi/networksafe.php endpoint via the `province` parameter. This allows for potential command execution. Recommendations: For version NBR RGOS 11.1(6)B4P9, consider disabling access to the /itbox pi/networksafe.php endpoint until a patch is available. Avoid using the `province` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wanxing Technology Yitu Project Management Kirin Edition version 2.3.6 **Description** The issue allows a remote attacker to execute arbitrary code via a specially constructed so file in /opt/EdrawProj-2/plugins/imageformat. This enables the attacker to run any code they want, posing a significant risk. **Recommendations** For version 2.3.6, consider restricting access to the /opt/EdrawProj-2/plugins/imageformat directory to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wanxing Technology's Yitu project Management Software version 3.2.2 **Description** The issue allows a remote attacker to execute arbitrary code via the `platformpluginpath` parameter, which specifies that the qt plugin loads the directory. This enables the attacker to potentially gain control over the system. **Recommendations** For Yitu project Management Software version 3.2.2, consider restricting access to the `platformpluginpath` parameter to minimize the risk of exploitation. Avoid using the `platformpluginpath` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DYCMS Open-Source Version v2.0.9.41 **Description** The issue allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. This weakness lets a remote attacker run any code. **Recommendations** For DYCMS Open-Source Version v2.0.9.41, consider disabling the file upload feature until a patch is available to prevent remote code execution. Restrict access to the application to minimize the risk of exploitation. Avoid using the file upload functionality in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie NBR3000D-E Gateway (affected versions not specified) **Description** An issue in the Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the "/tool/shell/postgresql.conf" component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wanxing Technology's Yitu project (affected versions not specified) **Description** A remote code execution issue exists in the project management of Wanxing Technology's Yitu project. This allows an attacker to use the `exp.adpx` file as a zip compressed file to construct a special file name. The file can be decompressed into the system startup folder, and upon system restart, the constructed attack script can be automatically executed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-NBS2009G-P RGOS version 10.4(1)P2 Release (9736) **Description** The issue allows a remote attacker to gain privileges via the login check state component. This is due to an Insecure Permissions vulnerability. A remote attacker can exploit this flaw to gain privileges. **Recommendations** For Ruijie RG-NBS2009G-P RGOS version 10.4(1)P2 Release (9736), patch immediately to fix the Insecure Permissions vulnerability in the login check state component and review access controls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-NBS2009G-P RGOS version 10.4(1)P2 Release(9736) **Description** An issue in Ruijie RG-NBS2009G-P RGOS allows a remote attacker to gain privileges via the "system/config menu.htm" endpoint. This issue enables a remote attacker to escalate privileges. **Recommendations** For Ruijie RG-NBS2009G-P RGOS version 10.4(1)P2 Release(9736), consider restricting access to the "system/config menu.htm" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.