Satoru Nagaoka

**Name of the Vulnerable Software and Affected Versions** BUFFALO wireless LAN routers (affected versions not specified) **Description** The issue allows a logged-in user to execute arbitrary OS commands, which is an OS command injection vulnerability in BUFFALO wireless LAN routers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BUFFALO wireless LAN routers (affected versions not specified) **Description** A plaintext storage of a password issue exists, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN routers and wireless LAN repeater (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to hijack the authentication of administrators and perform unintended operations on the affected product. This affects ELECOM wireless LAN routers and wireless LAN repeaters, including models WMC-X1800GST-B and WSC-X1800GS-B, which are also part of the e-Mesh Starter Kit "WMC-2LX-B". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM LAN routers versions 1.03 and prior ELECOM LAN routers versions 1.25 and prior ELECOM LAN routers versions 1.52 and prior ELECOM LAN routers versions 2.11 and prior Description: The issue allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. Recommendations: For ELECOM LAN routers versions 1.03 and prior, update to a version later than 1.03 to resolve the issue. For ELECOM LAN routers versions 1.25 and prior, update to a version later than 1.25 to resolve the issue. For ELECOM LAN routers versions 1.52 and prior, update to a version later than 1.52 to resolve the issue. For ELECOM LAN routers versions 2.11 and prior, update to a version later than 2.11 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ELECOM LAN routers versions 1.03 and prior ELECOM LAN routers versions 1.25 and prior ELECOM LAN routers versions 1.52 and prior ELECOM LAN routers versions 2.11 and prior Description: An improper access control issue in ELECOM LAN routers allows a network-adjacent authenticated attacker to bypass access restrictions and access the management screen of the product via unspecified vectors. Recommendations: For versions 1.03 and prior, update to a version later than 1.03 to resolve the issue. For versions 1.25 and prior, update to a version later than 1.25 to resolve the issue. For versions 1.52 and prior, update to a version later than 1.52 to resolve the issue. For versions 2.11 and prior, update to a version later than 2.11 to resolve the issue. As a temporary workaround, consider restricting access to the management screen until a patch is available.

Name of the Vulnerable Software and Affected Versions: ELECOM LAN routers versions 1.03 and prior ELECOM LAN routers versions 1.25 and prior ELECOM LAN routers versions 1.52 and prior ELECOM LAN routers versions 2.11 and prior Description: A cross-site request forgery (CSRF) issue allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. Recommendations: For ELECOM LAN routers versions 1.03 and prior, update to a version later than 1.03 to resolve the issue. For ELECOM LAN routers versions 1.25 and prior, update to a version later than 1.25 to resolve the issue. For ELECOM LAN routers versions 1.52 and prior, update to a version later than 1.52 to resolve the issue. For ELECOM LAN routers versions 2.11 and prior, update to a version later than 2.11 to resolve the issue. As a temporary workaround, consider restricting access to the router's web interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Aterm WG2600HS firmware versions 1.5.1 and earlier Description: The issue allows an attacker to execute arbitrary OS commands via unspecified vectors. Recommendations: For Aterm WG2600HS firmware versions 1.5.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aterm WG2600HS firmware versions prior to Ver1.5.1 Description: A cross-site scripting issue allows remote attackers to inject an arbitrary script via unspecified vectors. Recommendations: For Aterm WG2600HS firmware versions prior to Ver1.5.1, update to a version later than Ver1.5.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-300FEBK-S (affected versions not specified) Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via an unspecified vector. This can result in the alteration of device settings and/or the starting of the telnet daemon. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-300FEBK-S (affected versions not specified) Description: The issue concerns an improper certificate validation, which can be exploited via a man-in-the-middle attack. This allows an attacker to alter the communication response, potentially leading to the execution of an arbitrary OS command on the affected device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-300FEBK-S (affected versions not specified) Description: The issue allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. There is no information available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aterm WF800HP versions 1.0.9 and earlier Description: The issue allows remote attackers to inject an arbitrary script via unspecified vectors, which can lead to cross-site scripting. Recommendations: For versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the device's web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UNIQLO App for Android versions 7.3.3 and earlier **Description** The issue allows remote attackers to lead a user to access an arbitrary website via the vulnerable App, potentially resulting in the user falling victim to a social engineering attack if the access destination is a malicious website. **Recommendations** For versions 7.3.3 and earlier, update to a version later than 7.3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NITORI App for Android versions 6.0.4 and earlier NITORI App for iOS versions 6.0.2 and earlier **Description** The issue allows remote attackers to lead a user to access an arbitrary website via the vulnerable App, potentially resulting in the user becoming a victim of a phishing attack. **Recommendations** For NITORI App for Android versions 6.0.4 and earlier, update to a version later than 6.0.4 to resolve the issue. For NITORI App for iOS versions 6.0.2 and earlier, update to a version later than 6.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aterm WG2600HS versions 1.3.2 and earlier **Description** The issue allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. **Recommendations** For Aterm WG2600HS versions 1.3.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aterm WG2600HS versions Ver1.3.2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting. **Recommendations** For Aterm WG2600HS versions Ver1.3.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier **Description** The issue allows an attacker on the same network segment to obtain information registered on the device via unspecified vectors. **Recommendations** For Aterm WF1200CR versions 1.1.1 and earlier, update to a version later than 1.1.1. For Aterm WG1200CR versions 1.0.1 and earlier, update to a version later than 1.0.1.

**Name of the Vulnerable Software and Affected Versions** Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier **Description** The issue allows an attacker on the same network segment to execute arbitrary OS commands via the SOAP interface of UPnP. **Recommendations** For Aterm WF1200CR versions 1.1.1 and earlier, consider disabling the UPnP feature until a patch is available. For Aterm WG1200CR versions 1.0.1 and earlier, consider disabling the UPnP feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier **Description** The issue allows authenticated attackers to execute arbitrary OS commands. **Recommendations** For Aterm WF1200CR versions 1.1.1 and earlier, update to a version later than 1.1.1. For Aterm WG1200CR versions 1.0.1 and earlier, update to a version later than 1.0.1.

**Name of the Vulnerable Software and Affected Versions** Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier **Description** A cross-site scripting issue allows authenticated attackers to inject arbitrary web script or HTML. **Recommendations** For Aterm WF1200CR versions 1.1.1 and earlier, update to a version later than 1.1.1. For Aterm WG1200CR versions 1.0.1 and earlier, update to a version later than 1.0.1.