| Publications: |
|---|
| Fanvil PA2S & x7a (Read Full Disclosure) |
| CVE-2025-70521: The management portal’s diagnostic ping tool of Fanvil PA2S firmware version 2.12.44.9 does not handle user-supplied input securely. The lack of secure user input handling allows any unauthenticated attacker to inject commands and run code in the underlying Android operating system. |
| CVE-2025-70520: The websocket handler of Fanvil PA2S firmware version 2.12.44.9 does not enforce proper authentication restrictions against sessionless users. The lack of restrictions grants anyone the ability to view any device resources such as operational logs or perform diagnostic requests. |
| CVE-2025-70519: The device log component of Fanvil PA2S firmware version 2.12.44.9 does not properly sanitize or encode reflected user-supplied data. The lack of sanitization allows for the injection of HTML, which can be used to execute malicious JavaScript code on any target browser which renders the device log component. |
| CVE-2025-70522: The request handler of Fanvil PA2S firmware version 2.12.44.9 does not enforce any cross-origin resource protection for any state-changing request performed against the applications. Due to the lack of protection, the cross-origin boundary can be completely bypassed, allowing for Cross-Site Request Forgery attacks against any endpoint. |
| CVE-2025-70518: The management portal’s diagnostic ping tool of Fanvil x7a firmware version 2.6.0.1182 does not handle user-supplied input securely. The lack of secure user input handling allows any unauthenticated attacker to inject commands and run code in the underlying Android operating system. |
| CVE-2025-70516: The websocket handler of Fanvil x7a firmware version 2.6.0.1182 does not enforce proper authentication restrictions against sessionless users. The lack of restrictions grants anyone the ability to view any device resources such as operational logs or perform diagnostic requests. |
| CVE-2025-70515: The device log component of Fanvil x7a firmware version 2.6.0.1182 does not properly sanitize or encode reflected user-supplied data. The lack of sanitization allows for the injection of HTML, which can be used to execute malicious JavaScript code on any target browser which renders the device log component. |
| CVE-2025-70517: The request handler of Fanvil x7a firmware version 2.6.0.1182 does not enforce any cross-origin resource protection for any state-changing request performed against the applications. Due to the lack of protection, the cross-origin boundary can be completely bypassed, allowing for Cross-Site Request Forgery attacks against any endpoint. |
| Polycom Trio 8800 (Read Full Disclosure) |
| CVE-2023-88888: A Stored Cross-Site Scripting (XSS) in the web management portal of Polycom Trio 8800 allows attackers to inject arbitrary JavaScript code and compromise the administrator account. |
| JetNexus/EdgeNexus v4.2.8 (Read Full Disclosure) |
| CVE-2022-37719: A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus v4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| CVE-2022-37718: The network management component of JetNexus/EdgeNexus v4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| Snapt Aria v12.8 (Read Full Disclosure) |
| CVE-2022-24237: The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| CVE-2022-24236: An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. |
| CVE-2022-24235: A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| A10 Networks ACOS |
| CVE-2020-88888: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. |