Shu Yoshikoshi

**Name of the Vulnerable Software and Affected Versions** UpdateNavi versions 1.4 L10 through 1.4 L33 UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125 **Description** The issue exists due to improper restriction of communication channel to intended endpoints. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be executed. **Recommendations** For UpdateNavi versions 1.4 L10 through 1.4 L33, consider restricting access to the communication channel to prevent malicious data from being sent. For UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125, consider implementing proper restrictions on the communication channel to intended endpoints to prevent arbitrary registry value modification or code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN routers versions v1.03 and earlier ELECOM WRC-1167GHBK-S versions v1.03 and earlier ELECOM WRC-1167GEBK-S versions v1.03 and earlier ELECOM WRC-1167FEBK-S versions v1.04 and earlier ELECOM WRC-1167GHBK3-A versions v1.24 and earlier ELECOM WRC-1167FEBK-A versions v1.18 and earlier ELECOM WRC-F1167ACF2 all versions ELECOM WRC-600GHBK-A all versions ELECOM WRC-733FEBK2-A all versions ELECOM WRC-1467GHBK-A all versions ELECOM WRC-1467GHBK-S all versions ELECOM WRC-1900GHBK-A all versions ELECOM WRC-1900GHBK-S all versions **Description** The issue allows a network-adjacent unauthorized attacker to obtain sensitive information. **Recommendations** For ELECOM WRC-1167GHBK-S version v1.03 and earlier, update to a version later than v1.03. For ELECOM WRC-1167GEBK-S version v1.03 and earlier, update to a version later than v1.03. For ELECOM WRC-1167FEBK-S version v1.04 and earlier, update to a version later than v1.04. For ELECOM WRC-1167GHBK3-A version v1.24 and earlier, update to a version later than v1.24. For ELECOM WRC-1167FEBK-A version v1.18 and earlier, update to a version later than v1.18. For ELECOM WRC-F1167ACF2, WRC-600GHBK-A, WRC-733FEBK2-A, WRC-1467GHBK-A, WRC-1467GHBK-S, WRC-1900GHBK-A, and WRC-1900GHBK-S, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN routers versions prior to v1.03 for WRC-1167GHBK-S ELECOM wireless LAN routers versions prior to v1.03 for WRC-1167GEBK-S ELECOM wireless LAN routers versions prior to v1.04 for WRC-1167FEBK-S ELECOM wireless LAN routers versions prior to v1.24 for WRC-1167GHBK3-A ELECOM wireless LAN routers versions prior to v1.18 for WRC-1167FEBK-A **Description** The issue allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privilege by sending a specially crafted request. **Recommendations** For WRC-1167GHBK-S version v1.03 and earlier, update to a version later than v1.03. For WRC-1167GEBK-S version v1.03 and earlier, update to a version later than v1.03. For WRC-1167FEBK-S version v1.04 and earlier, update to a version later than v1.04. For WRC-1167GHBK3-A version v1.24 and earlier, update to a version later than v1.24. For WRC-1167FEBK-A version v1.18 and earlier, update to a version later than v1.18.

**Name of the Vulnerable Software and Affected Versions** Aterm SA3500G firmware versions prior to Ver. 3.5.9 **Description** The issue allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in arbitrary command execution. **Recommendations** For Aterm SA3500G firmware versions prior to Ver. 3.5.9, update to Ver. 3.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the specific URL to minimize the risk of exploitation.