Naoto Katsumi

**Name of the Vulnerable Software and Affected Versions** Logitec LAN-W300N/R routers versions prior to 2.27 **Description** The issue concerns improper restriction of login access, allowing remote attackers to gain administrative privileges and modify settings. This is related to vectors involving PPPoE authentication. **Recommendations** For versions prior to 2.27, update the firmware to version 2.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the router's administrative interface until the firmware can be updated.

**Name of the Vulnerable Software and Affected Versions** JustSystems Ichitaro versions 2006 through 2011 JustSystems Ichitaro Government versions 2006 through 2010 JustSystems Ichitaro Portable with oreplug JustSystems Ichitaro Viewer JUST School JUST School versions 2009 and 2010 JUST Jump 4 JUST Frontier oreplug **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory due to an untrusted search path vulnerability. **Recommendations** For JustSystems Ichitaro versions 2006 through 2011, consider restricting access to the current working directory to minimize the risk of exploitation. For JustSystems Ichitaro Government versions 2006 through 2010, avoid using the vulnerable software until a fix is available. For JustSystems Ichitaro Portable with oreplug, JustSystems Ichitaro Viewer, JUST School, JUST School versions 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eAccess Pocket WiFi (aka GP02) router versions prior to 2.00 with firmware 11.203.11.05.168 **Description** The issue allows remote attackers to hijack the authentication of administrators for requests that initialize settings or reboot the device, due to multiple cross-site request forgery (CSRF) vulnerabilities. **Recommendations** For versions prior to 2.00 with firmware 11.203.11.05.168, update the firmware to a version later than 11.203.11.05.168 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GTK+ versions prior to 2.21.8 **Description** The issue is related to an untrusted search path vulnerability. It allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. **Recommendations** For versions prior to 2.21.8, update to version 2.21.8 or later to resolve the issue.