Narumi Hirai

**Name of the Vulnerable Software and Affected Versions** Rakuten Casa version AP F V1 4 1 Rakuten Casa version AP F V2 0 0 **Description** The issue is related to a hard-coded credential in Rakuten Casa, which may allow a remote unauthenticated attacker to log in with root privilege and perform arbitrary operations. **Recommendations** For Rakuten Casa version AP F V1 4 1, update to a version that does not use hard-coded credentials to prevent unauthorized access. For Rakuten Casa version AP F V2 0 0, update to a version that does not use hard-coded credentials to prevent unauthorized access. As a temporary workaround, consider restricting access to the root account until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Aterm SA3500G firmware versions prior to Ver. 3.5.9 **Description** The issue allows an attacker with administrative privilege to send a specially crafted request to a specific URL, which may result in arbitrary command execution. **Recommendations** For Aterm SA3500G firmware versions prior to Ver. 3.5.9, update to Ver. 3.5.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aterm SA3500G versions prior to 3.5.9 **Description** The issue is related to improper validation of an integrity check value in the firmware, which can be exploited by an attacker with administrative privileges to execute malicious programs. **Recommendations** For versions prior to 3.5.9, update the firmware to version 3.5.9 or later to resolve the issue.