The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
https://www.tenable.com/security/research/tra-2022-37
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This
Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file
Description Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component),