Masahiro Iida

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN access point devices (affected versions not specified) **Description** A stack-based buffer overflow exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CL4/6NX Plus and CL4/6NX-J Plus (Japan model) versions prior to 1.15.5-r1 **Description** An OS command injection issue exists that allows for the execution of arbitrary OS commands on the system with a certain non-administrative user privilege. **Recommendations** Update to firmware version 1.15.5-r1 or later.

**Name of the Vulnerable Software and Affected Versions** CL4/6NX Plus versions prior to 1.15.5-r1 CL4/6NX-J Plus (Japan model) versions prior to 1.15.5-r1 **Description** The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to upload crafted dangerous files. Successful exploitation allows execution of Lua scripts with root privileges on the system. **Recommendations** Update CL4/6NX Plus to firmware version 1.15.5-r1 or later. Update CL4/6NX-J Plus (Japan model) to firmware version 1.15.5-r1 or later.

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook for iOS (affected versions not specified) Description: The issue is related to improper authorization in the Microsoft Outlook for iOS mail client. Exploitation of this issue may allow a remote attacker to disclose protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BUFFALO VR-S1000 versions 2.37 and earlier **Description** The issue allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. **Recommendations** For versions 2.37 and earlier, update to a version later than 2.37 to resolve the issue. As a temporary workaround, consider restricting access to the web management page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ELECOM WRC-1167GHBK-S versions v1.03 and earlier ELECOM WRC-1167GEBK-S versions v1.03 and earlier ELECOM WRC-1167FEBK-S versions v1.04 and earlier ELECOM WRC-1167GHBK3-A versions v1.24 and earlier ELECOM WRC-1167FEBK-A versions v1.18 and earlier **Description** A code injection issue in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. **Recommendations** For ELECOM WRC-1167GHBK-S versions v1.03 and earlier, update to a version later than v1.03 to resolve the issue. For ELECOM WRC-1167GEBK-S versions v1.03 and earlier, update to a version later than v1.03 to resolve the issue. For ELECOM WRC-1167FEBK-S versions v1.04 and earlier, update to a version later than v1.04 to resolve the issue. For ELECOM WRC-1167GHBK3-A versions v1.24 and earlier, update to a version later than v1.24 to resolve the issue. For ELECOM WRC-1167FEBK-A versions v1.18 and earlier, update to a version later than v1.18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AC-PD-WAPU versions 1.05 B04 and earlier AC-PD-WAPUM versions 1.05 B04 and earlier AC-PD-WAPU-P versions 1.05 B04P and earlier AC-PD-WAPUM-P versions 1.05 B04P and earlier AC-WAPU-300 versions 1.00 B07 and earlier AC-WAPUM-300 versions 1.00 B07 and earlier AC-WAPU-300-P versions 1.00 B07 and earlier AC-WAPUM-300-P versions 1.00 B07 and earlier **Description** An OS command injection vulnerability exists in Wi-Fi AP UNIT, allowing a remote authenticated attacker with administrative privilege to execute an arbitrary OS command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AC-PD-WAPU versions 1.05 B04 and earlier AC-PD-WAPUM versions 1.05 B04 and earlier AC-PD-WAPU-P versions 1.05 B04P and earlier AC-PD-WAPUM-P versions 1.05 B04P and earlier AC-WAPU-300 versions 1.00 B07 and earlier AC-WAPUM-300 versions 1.00 B07 and earlier AC-WAPU-300-P versions 1.00 B07 and earlier AC-WAPUM-300-P versions 1.00 B07 and earlier **Description** The issue is related to missing authentication for a critical function in Wi-Fi AP UNIT, allowing a remote unauthenticated attacker to obtain sensitive information of the affected products. **Recommendations** For AC-PD-WAPU versions 1.05 B04 and earlier, update to a version later than 1.05 B04. For AC-PD-WAPUM versions 1.05 B04 and earlier, update to a version later than 1.05 B04. For AC-PD-WAPU-P versions 1.05 B04P and earlier, update to a version later than 1.05 B04P. For AC-PD-WAPUM-P versions 1.05 B04P and earlier, update to a version later than 1.05 B04P. For AC-WAPU-300 versions 1.00 B07 and earlier, update to a version later than 1.00 B07. For AC-WAPUM-300 versions 1.00 B07 and earlier, update to a version later than 1.00 B07. For AC-WAPU-300-P versions 1.00 B07 and earlier, update to a version later than 1.00 B07. For AC-WAPUM-300-P versions 1.00 B07 and earlier, update to a version later than 1.00 B07.

**Name of the Vulnerable Software and Affected Versions** JINS MEME CORE Firmware versions 2.2.0 and earlier **Description** The issue is related to a hard-coded cryptographic key used in the firmware, which may allow a network-adjacent attacker to decrypt data acquired by a sensor of the affected product. **Recommendations** For JINS MEME CORE Firmware versions 2.2.0 and earlier, update to a version that does not use a hard-coded cryptographic key to prevent potential decryption of sensor-acquired data by a network-adjacent attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PIX-RT100 versions RT100 TEQ 2.1.1 EQ101 and RT100 TEQ 2.1.2 EQ101 **Description** The issue allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. This is an OS command injection vulnerability. **Recommendations** For PIX-RT100 version RT100 TEQ 2.1.1 EQ101, update to a version that fixes the OS command injection vulnerability. For PIX-RT100 version RT100 TEQ 2.1.2 EQ101, update to a version that fixes the OS command injection vulnerability. As a temporary workaround, consider restricting access to product settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PIX-RT100 versions RT100 TEQ 2.1.1 EQ101 through RT100 TEQ 2.1.2 EQ101 **Description** The issue concerns a hidden functionality vulnerability that enables a network-adjacent attacker to access the product. This access is achieved through undocumented Telnet or SSH services. **Recommendations** For PIX-RT100 versions RT100 TEQ 2.1.1 EQ101 through RT100 TEQ 2.1.2 EQ101, consider disabling the undocumented Telnet and SSH services as a temporary workaround until a patch is available.