Goroh_Kun

**Name of the Vulnerable Software and Affected Versions** FutureNet NXR series, VXR series and WXR series (affected versions not specified) **Description** The issue concerns an active debug code vulnerability. If a user with knowledge of the debug function logs in, they may utilize the debug function to execute arbitrary OS commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series (affected versions not specified) Description: The issue is related to the insecure initialization of a resource in the Telnet service of the affected devices, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. This vulnerability enables a remote unauthenticated attacker to access the Telnet service without limitations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM CO.,LTD. routers (affected versions not specified) LOGITEC CORPORATION routers (affected versions not specified) **Description** The issue is related to inadequate encryption strength in multiple routers, allowing a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MR-GM2 firmware versions 3.00.03 and earlier MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware versions 1.03.45 and earlier **Description** The issue allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. This occurs due to the use of default credentials vulnerability in the firmware. **Recommendations** For MR-GM2 firmware versions 3.00.03 and earlier, update the firmware to a version later than 3.00.03. For MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware versions 1.03.45 and earlier, update the firmware to a version later than 1.03.45. As a temporary workaround, consider changing the pre-shared key from the factory-default configuration to prevent interception of wireless LAN communication.

**Name of the Vulnerable Software and Affected Versions** FURUNO SYSTEMS ACERA 1320 firmware versions 01.26 and earlier FURUNO SYSTEMS ACERA 1310 firmware versions 01.26 and earlier FURUNO SYSTEMS ACERA 1210 firmware versions 02.36 and earlier FURUNO SYSTEMS ACERA 1150i firmware versions 01.35 and earlier FURUNO SYSTEMS ACERA 1150w firmware versions 01.35 and earlier FURUNO SYSTEMS ACERA 1110 firmware versions 01.76 and earlier FURUNO SYSTEMS ACERA 1020 firmware versions 01.86 and earlier FURUNO SYSTEMS ACERA 1010 firmware versions 01.86 and earlier FURUNO SYSTEMS ACERA 950 firmware versions 01.60 and earlier FURUNO SYSTEMS ACERA 850F firmware versions 01.60 and earlier FURUNO SYSTEMS ACERA 900 firmware versions 02.54 and earlier FURUNO SYSTEMS ACERA 850M firmware versions 02.06 and earlier FURUNO SYSTEMS ACERA 810 firmware versions 03.74 and earlier FURUNO SYSTEMS ACERA 800ST firmware versions 07.35 and earlier **Description** An OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. The affected devices are running in ST (Standalone) mode. **Recommendations** For FURUNO SYSTEMS ACERA 1320 firmware versions 01.26 and earlier, update to a version later than 01.26. For FURUNO SYSTEMS ACERA 1310 firmware versions 01.26 and earlier, update to a version later than 01.26. For FURUNO SYSTEMS ACERA 1210 firmware versions 02.36 and earlier, update to a version later than 02.36. For FURUNO SYSTEMS ACERA 1150i firmware versions 01.35 and earlier, update to a version later than 01.35. For FURUNO SYSTEMS ACERA 1150w firmware versions 01.35 and earlier, update to a version later than 01.35. For FURUNO SYSTEMS ACERA 1110 firmware versions 01.76 and earlier, update to a version later than 01.76. For FURUNO SYSTEMS ACERA 1020 firmware versions 01.86 and earlier, update to a version later than 01.86. For FURUNO SYSTEMS ACERA 1010 firmware versions 01.86 and earlier, update to a version later than 01.86. For FURUNO SYSTEMS ACERA 950 firmware versions 01.60 and earlier, update to a version later than 01.60. For FURUNO SYSTEMS ACERA 850F firmware versions 01.60 and earlier, update to a version later than 01.60. For FURUNO SYSTEMS ACERA 900 firmware versions 02.54 and earlier, update to a version later than 02.54. For FURUNO SYSTEMS ACERA 850M firmware versions 02.06 and earlier, update to a version later than 02.06. For FURUNO SYSTEMS ACERA 810 firmware versions 03.74 and earlier, update to a version later than 03.74. For FURUNO SYSTEMS ACERA 800ST firmware versions 07.35 and earlier, update to a version later than 07.35. As a temporary workaround, consider restricting access to the web interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fujitsu Si-R 30B all versions Fujitsu Si-R 130B all versions Fujitsu Si-R 90brin all versions Fujitsu Si-R570B all versions Fujitsu Si-R370B all versions Fujitsu Si-R220D all versions Fujitsu Si-R G100 versions V02.54 and earlier Fujitsu Si-R G200 versions V02.54 and earlier Fujitsu Si-R G100B versions V04.12 and earlier Fujitsu Si-R G110B versions V04.12 and earlier Fujitsu Si-R G200B versions V04.12 and earlier Fujitsu Si-R G210 versions V20.52 and earlier Fujitsu Si-R G211 versions V20.52 and earlier Fujitsu Si-R G120 versions V20.52 and earlier Fujitsu Si-R G121 versions V20.52 and earlier Fujitsu SR-M 50AP1 all versions **Description** The issue is related to an authentication bypass vulnerability in Fujitsu network devices, specifically the Si-R series and SR-M series. This vulnerability allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. The vulnerability is associated with weaknesses in the authentication procedure, which can be exploited by a remote attacker to bypass the authentication process. **Recommendations** For Fujitsu Si-R 30B, update to a version later than the affected ones. For Fujitsu Si-R 130B, update to a version later than the affected ones. For Fujitsu Si-R 90brin, update to a version later than the affected ones. For Fujitsu Si-R570B, update to a version later than the affected ones. For Fujitsu Si-R370B, update to a version later than the affected ones. For Fujitsu Si-R220D, update to a version later than the affected ones. For Fujitsu Si-R G100, update to a version later than V02.54. For Fujitsu Si-R G200, update to a version later than V02.54. For Fujitsu Si-R G100B, update to a version later than V04.12. For Fujitsu Si-R G110B, update to a version later than V04.12. For Fujitsu Si-R G200B, update to a version later than V04.12. For Fujitsu Si-R G210, update to a version later than V20.52. For Fujitsu Si-R G211, update to a version later than V20.52. For Fujitsu Si-R G120, update to a version later than V20.52. For Fujitsu Si-R G121, update to a version later than V20.52. For Fujitsu SR-M 50AP1, update to a version later than the affected ones. As a temporary workaround, consider restricting access to the vulnerable devices until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ELECOM LAN routers versions prior to v1.25 (for WRC-1167GST2, WRC-1167GST2A, WRC-1167GST2H, WRC-2533GST2, WRC-2533GST2SP, WRC-2533GST2-G, and EDWRC-2533GST2) ELECOM LAN routers versions prior to v1.52 (for WRC-2533GS2-B and WRC-2533GS2-W) ELECOM LAN routers versions prior to v1.03 (for WRC-1750GS, WRC-1900GST, WRC-2533GST, and WRC-2533GSTA) ELECOM LAN routers versions prior to v2.11 (for WRC-1750GSV) **Description** The issue is related to improper access control in ELECOM LAN routers, allowing a network-adjacent authenticated attacker to bypass access restrictions and access the management screen of the product via unspecified vectors. **Recommendations** For versions prior to v1.25 (WRC-1167GST2, WRC-1167GST2A, WRC-1167GST2H, WRC-2533GST2, WRC-2533GST2SP, WRC-2533GST2-G, and EDWRC-2533GST2), update to a version later than v1.25. For versions prior to v1.52 (WRC-2533GS2-B and WRC-2533GS2-W), update to a version later than v1.52. For versions prior to v1.03 (WRC-1750GS, WRC-1900GST, WRC-2533GST, and WRC-2533GSTA), update to a version later than v1.03. For versions prior to v2.11 (WRC-1750GSV), update to a version later than v2.11. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-1167GST2 firmware versions 1.25 and prior ELECOM WRC-1167GST2A firmware versions 1.25 and prior ELECOM WRC-1167GST2H firmware versions 1.25 and prior ELECOM WRC-2533GS2-B firmware versions 1.52 and prior ELECOM WRC-2533GS2-W firmware versions 1.52 and prior ELECOM WRC-1750GS firmware versions 1.03 and prior ELECOM WRC-1750GSV firmware versions 2.11 and prior ELECOM WRC-1900GST firmware versions 1.03 and prior ELECOM WRC-2533GST firmware versions 1.03 and prior ELECOM WRC-2533GSTA firmware versions 1.03 and prior ELECOM WRC-2533GST2 firmware versions 1.25 and prior ELECOM WRC-2533GST2SP firmware versions 1.25 and prior ELECOM WRC-2533GST2-G firmware versions 1.25 and prior ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior Description: The issue is related to improper access control in ELECOM routers, allowing a network-adjacent unauthenticated attacker to bypass access restrictions. This enables the attacker to start the telnet service and execute arbitrary OS commands via unspecified vectors. Recommendations: For ELECOM WRC-1167GST2 firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-1167GST2A firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-1167GST2H firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GS2-B firmware versions 1.52 and prior, update to a version later than 1.52. For ELECOM WRC-2533GS2-W firmware versions 1.52 and prior, update to a version later than 1.52. For ELECOM WRC-1750GS firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-1750GSV firmware versions 2.11 and prior, update to a version later than 2.11. For ELECOM WRC-1900GST firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GST firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GSTA firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GST2SP firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GST2-G firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-1167GST2 firmware versions 1.25 and prior ELECOM WRC-1167GST2A firmware versions 1.25 and prior ELECOM WRC-1167GST2H firmware versions 1.25 and prior ELECOM WRC-2533GS2-B firmware versions 1.52 and prior ELECOM WRC-2533GS2-W firmware versions 1.52 and prior ELECOM WRC-1750GS firmware versions 1.03 and prior ELECOM WRC-1750GSV firmware versions 2.11 and prior ELECOM WRC-1900GST firmware versions 1.03 and prior ELECOM WRC-2533GST firmware versions 1.03 and prior ELECOM WRC-2533GSTA firmware versions 1.03 and prior ELECOM WRC-2533GST2 firmware versions 1.25 and prior ELECOM WRC-2533GST2SP firmware versions 1.25 and prior ELECOM WRC-2533GST2-G firmware versions 1.25 and prior ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior Description: The issue is related to improper access control in ELECOM routers, allowing a network-adjacent unauthenticated attacker to bypass access restrictions. This enables the attacker to obtain anti-CSRF tokens and change the product's settings via unspecified vectors. Recommendations: For ELECOM WRC-1167GST2 firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-1167GST2A firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-1167GST2H firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GS2-B firmware versions 1.52 and prior, update to a version later than 1.52. For ELECOM WRC-2533GS2-W firmware versions 1.52 and prior, update to a version later than 1.52. For ELECOM WRC-1750GS firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-1750GSV firmware versions 2.11 and prior, update to a version later than 2.11. For ELECOM WRC-1900GST firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GST firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GSTA firmware versions 1.03 and prior, update to a version later than 1.03. For ELECOM WRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GST2SP firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM WRC-2533GST2-G firmware versions 1.25 and prior, update to a version later than 1.25. For ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-1167GST2 versions 1.25 and prior ELECOM WRC-1167GST2A versions 1.25 and prior ELECOM WRC-1167GST2H versions 1.25 and prior ELECOM WRC-2533GS2-B versions 1.52 and prior ELECOM WRC-2533GS2-W versions 1.52 and prior ELECOM WRC-1750GS versions 1.03 and prior ELECOM WRC-1750GSV versions 2.11 and prior ELECOM WRC-1900GST versions 1.03 and prior ELECOM WRC-2533GST versions 1.03 and prior ELECOM WRC-2533GSTA versions 1.03 and prior ELECOM WRC-2533GST2 versions 1.25 and prior ELECOM WRC-2533GST2SP versions 1.25 and prior ELECOM WRC-2533GST2-G versions 1.25 and prior ELECOM EDWRC-2533GST2 versions 1.25 and prior Description: The issue allows a network-adjacent authenticated attacker to execute an arbitrary OS command with the root privilege via unspecified vectors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WRC-300FEBK versions all WRC-F300NF versions all WRC-733FEBK versions all WRH-300RD versions all WRH-300BK versions all WRH-300SV versions all WRH-300WH versions all WRH-H300WH versions all WRH-H300BK versions all WRH-300BK-S versions all WRH-300WH-S versions all Description: The issue allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. Recommendations: For all versions of WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions Description: The issue allows an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM LAN routers versions prior to v1.14 (WRC-2533GST2, WRC-1900GST2, WRC-1750GST2) ELECOM LAN routers WRC-1167GST2 version prior to v1.10 **Description** The issue allows an attacker on the same network segment to execute arbitrary OS commands with root privilege via unspecified vectors. **Recommendations** For ELECOM LAN routers WRC-2533GST2, WRC-1900GST2, and WRC-1750GST2, update the firmware to version v1.14 or later. For ELECOM LAN routers WRC-1167GST2, update the firmware to version v1.10 or later.

**Name of the Vulnerable Software and Affected Versions** DBA-1510P firmware version 1.70b009 and earlier **Description** The issue allows authenticated attackers to execute arbitrary OS commands via the Command Line Interface (CLI). This is due to the lack of measures to neutralize special elements used in the OS command. Exploitation of the issue may allow a remote attacker to execute arbitrary OS commands. **Recommendations** For DBA-1510P firmware version 1.70b009 and earlier, consider disabling access to the Command Line Interface (CLI) until a patch is available. Restrict access to the CLI to minimize the risk of exploitation. Avoid using the CLI for executing OS commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DBA-1510P versions 1.70b009 and earlier **Description** The issue is related to the lack of measures to neutralize special elements used in operating system commands, which can be exploited by a remote attacker to execute arbitrary commands via the Web User Interface. **Recommendations** For D-Link DBA-1510P versions 1.70b009 and earlier, update the firmware to a version later than 1.70b009 to resolve the issue. As a temporary workaround, consider restricting access to the Web User Interface to minimize the risk of exploitation.