Satoshi Ogawa

Name of the Vulnerable Software and Affected Versions: QND Advance/Premium/Standard versions 11.0.4i and earlier Description: A privilege escalation issue allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. This could result in sensitive information being altered or obtained, or unintended operations being performed. Recommendations: For QND Advance/Premium/Standard versions 11.0.4i and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-300FEBK-A (affected versions not specified) Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via an unspecified vector. This can result in the alteration of device settings and/or the starting of the telnet daemon. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-300FEBK-A (affected versions not specified) Description: The issue allows remote authenticated attackers to inject arbitrary script via unspecified vectors, which can lead to cross-site scripting. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AC1200HP Firmware versions prior to 3.0.0.4.380.4180 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 3.0.0.4.380.4180, update to version 3.0.0.4.380.4180 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) **Description** A cross-site scripting issue allows an attacker to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), update to a version later than 4.3.10. For CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), update to a version later than 4.3.10.

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLR300NX firmware versions 1.20 and earlier **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of logged-in users, enabling them to conduct unintended operations. The exact vectors used for exploitation are not specified. **Recommendations** For Corega CG-WLR300NX firmware versions 1.20 and earlier, update to a version later than 1.20 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLR300NX firmware version 1.20 and earlier **Description** The issue allows an attacker on the same network segment to bypass access restrictions and perform arbitrary operations. **Recommendations** For Corega CG-WLR300NX firmware version 1.20 and earlier, update to a version later than 1.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DERAEMON-CMS versions 0.8.9 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the parameters `hostname`, `database`, and `username`. **Recommendations** For DERAEMON-CMS versions 0.8.9 and earlier, avoid using the parameters `hostname`, `database`, and `username` in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLR300NX firmware versions 1.20 and earlier **Description** A cross-site scripting issue allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Corega CG-WLR300NX firmware versions 1.20 and earlier, update to a version later than 1.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SOY CMS versions 1.8.12 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For SOY CMS versions 1.8.12 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneThird CMS versions 1.73 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the language.php file. **Recommendations** For OneThird CMS versions 1.73 and earlier, update to a version later than 1.73 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SetsucoCMS (affected versions not specified) **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SetsucoCMS (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of an administrator, enabling them to change settings. The exact vectors used for this exploitation are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SetsucoCMS versions all **Description** The issue is related to improper session management, which allows remote attackers to disclose or alter unauthorized information. The exact vectors used for the attack are not specified. **Recommendations** For SetsucoCMS all versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** I-O DATA DEVICE WN-G300R versions 1.12 and earlier I-O DATA DEVICE WN-G300R2 versions 1.12 and earlier I-O DATA DEVICE WN-G300R3 versions 1.01 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For I-O DATA DEVICE WN-G300R versions 1.12 and earlier, update to a version later than 1.12. For I-O DATA DEVICE WN-G300R2 versions 1.12 and earlier, update to a version later than 1.12. For I-O DATA DEVICE WN-G300R3 versions 1.01 and earlier, update to a version later than 1.01.

**Name of the Vulnerable Software and Affected Versions** NEC Aterm WF800HP versions 1.0.17 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. **Recommendations** For versions 1.0.17 and earlier, update to a version later than 1.0.17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BUFFALO BHR-4GRV2 versions 1.04 and earlier BUFFALO WEX-300 versions 1.90 and earlier BUFFALO WHR-1166DHP versions 1.90 and earlier BUFFALO WHR-300HP2 versions 1.90 and earlier BUFFALO WHR-600D versions 1.90 and earlier BUFFALO WMR-300 versions 1.90 and earlier BUFFALO WMR-433 versions 1.01 and earlier BUFFALO WSR-1166DHP versions 1.01 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized access or control of the affected devices. **Recommendations** For BUFFALO BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04. For BUFFALO WEX-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-1166DHP versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-300HP2 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-600D versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-433 versions 1.01 and earlier, update to a version later than 1.01. For BUFFALO WSR-1166DHP versions 1.01 and earlier, update to a version later than 1.01.

**Name of the Vulnerable Software and Affected Versions** BUFFALO BHR-4GRV2 versions 1.04 and earlier BUFFALO WEX-300 versions 1.90 and earlier BUFFALO WHR-1166DHP versions 1.90 and earlier BUFFALO WHR-300HP2 versions 1.90 and earlier BUFFALO WHR-600D versions 1.90 and earlier BUFFALO WMR-300 versions 1.90 and earlier BUFFALO WMR-433 versions 1.01 and earlier BUFFALO WSR-1166DHP versions 1.01 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application. **Recommendations** For BUFFALO BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04. For BUFFALO WEX-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-1166DHP versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-300HP2 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-600D versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-433 versions 1.01 and earlier, update to a version later than 1.01. For BUFFALO WSR-1166DHP versions 1.01 and earlier, update to a version later than 1.01.

**Name of the Vulnerable Software and Affected Versions** Buffalo WHR-1166DHP versions 1.60 and earlier Buffalo WSR-600DHP versions 1.60 and earlier Buffalo WHR-600D versions 1.60 and earlier Buffalo WHR-300HP2 versions 1.60 and earlier Buffalo WMR-300 versions 1.60 and earlier Buffalo WEX-300 versions 1.60 and earlier Buffalo BHR-4GRV2 versions 1.04 and earlier **Description** The issue allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. **Recommendations** For Buffalo WHR-1166DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WSR-600DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-600D versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-300HP2 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WMR-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WEX-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04.