Shuto Imai

**Name of the Vulnerable Software and Affected Versions** home 5G HR02 (affected versions not specified) Wi-Fi STATION SH-52B (affected versions not specified) Wi-Fi STATION SH-54C (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the hidden debug function of the affected products. A remote unauthenticated attacker may cause the web console of the product to become unavailable. **Recommendations** For home 5G HR02, consider disabling the hidden debug function as a temporary workaround until a patch is available. For Wi-Fi STATION SH-52B, restrict access to the hidden debug feature to minimize the risk of exploitation. For Wi-Fi STATION SH-54C, avoid using the hidden debug function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SHARP routers (affected versions not specified) **Description** The issue is related to an improper authentication vulnerability in the configuration backup function of SHARP routers. This vulnerability allows a remote unauthenticated attacker to retrieve the product's backup files, which contain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: home 5G HR02 (affected versions not specified) Wi-Fi STATION SH-52B (affected versions not specified) Wi-Fi STATION SH-54C (affected versions not specified) Description: The issue is an OS command injection vulnerability found in the HOST name configuration screen of the affected devices. This vulnerability allows an arbitrary OS command to be executed with root privilege by an administrative user. Recommendations: For home 5G HR02, consider restricting access to the HOST name configuration screen until a patch is available. For Wi-Fi STATION SH-52B, avoid using the HOST name configuration screen with administrative privileges until the issue is resolved. For Wi-Fi STATION SH-54C, as a temporary workaround, consider disabling the HOST name configuration screen functionality until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: home 5G HR02 and Wi-Fi STATION SH-54C (affected versions not specified) Description: The issue is an OS command injection vulnerability in the configuration restore function. This allows an arbitrary OS command to be executed with root privilege by an administrative user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SHARP routers (affected versions not specified) **Description** The issue is related to a hidden debug function that is enabled in multiple SHARP routers, allowing an arbitrary OS command to be executed with root privilege by a remote unauthenticated attacker. This is due to insufficient protection of service data in the implementation of the debug code. The exploitation of this issue may allow a remote attacker to elevate their privileges and execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smart-tab Android app versions April 2023 or earlier **Description** The issue concerns the storage of passwords in plaintext. If exploited, an attacker with physical access to the device may retrieve credential information and spoof the device to access related external services. **Recommendations** For versions April 2023 or earlier, consider removing or updating the app to prevent potential exploitation, as the plaintext storage of passwords poses a significant risk. As a temporary workaround, restrict access to sensitive information on devices with the affected app until a secure version is installed.

**Name of the Vulnerable Software and Affected Versions** Smart-tab Android app versions prior to May 2023 **Description** The issue concerns an active debug code vulnerability in the Smart-tab Android app. If exploited, an attacker with physical access to the device may use the debug function to access OS functions, escalate privileges, change device settings, or spoof devices in other rooms. **Recommendations** For versions prior to May 2023, as a temporary workaround, consider disabling the debug function until a patch is available. Restrict physical access to devices to minimize the risk of exploitation. Update the Smart-tab Android app to a version released after April 2023 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business 100, 300, and 500 Series Wireless Access Points (affected versions not specified) **Description** The web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points contains vulnerabilities that could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. The issue is related to the failure to neutralize special elements used in operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business 100, 300, and 500 Series Wireless Access Points (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of certain Cisco Small Business Wireless Access Points. These vulnerabilities could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. The vulnerability is associated with information disclosure, which can be exploited by a remote attacker to gain confidential information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/RS (affected versions not specified) Description: The issue is related to improper check or handling of exceptional conditions, allowing a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/RS (affected versions not specified) Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via a specially crafted URL, potentially leading to unintended operations on the device, such as changes to device settings. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/PR5B (affected versions not specified) Description: The issue is related to improper check or handling of exceptional conditions, allowing a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/PR5B (affected versions not specified) Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via a specially crafted URL, potentially leading to unintended operations on the device, such as changes to device settings. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei E5332 router versions prior to 21.344.27.00.1080 **Description** The issue is related to a buffer overflow in the Webserver component, which can be exploited by remote authenticated users. This can lead to a denial of service, causing the router to reboot, via a long URI. **Recommendations** For versions prior to 21.344.27.00.1080, update to version 21.344.27.00.1080 or later to resolve the issue. As a temporary workaround, consider restricting access to the Webserver component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Huawei E5332 router versions prior to 21.344.27.00.1080 **Description** A buffer overflow issue exists in the Webserver component, allowing remote authenticated users to cause a denial of service, resulting in a reboot of the device, by sending a long parameter in an API service request message. **Recommendations** For versions prior to 21.344.27.00.1080, update to version 21.344.27.00.1080 or later to resolve the issue. As a temporary workaround, consider restricting access to the Webserver component to minimize the risk of exploitation.