Takeshi Kuramori

**Name of the Vulnerable Software and Affected Versions** UD-LT2 firmware versions 1.00.008 SE and earlier **Description** An issue exists due to the improper neutralization of special elements used in an OS command, allowing for the execution of arbitrary OS commands by an attacker with administrative access. This can be exploited by an attacker who can access the affected product with an administrative account. **Recommendations** For versions 1.00.008 SE and earlier, update to a version later than 1.00.008 SE to resolve the issue. As a temporary workaround, consider restricting administrative access to the affected product until a patch is available.

**Name of the Vulnerable Software and Affected Versions** UD-LT2 firmware versions 1.00.008 SE and earlier **Description** The issue exists due to the inclusion of undocumented features, allowing a remote attacker to disable the LAN-side firewall function of the affected products and open specific ports. **Recommendations** For UD-LT2 firmware versions 1.00.008 SE and earlier, consider disabling the undocumented features until a patch is available. As a temporary workaround, restrict access to the LAN-side firewall function to minimize the risk of exploitation. Avoid using the affected firmware until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UD-LT2 firmware versions 1.00.008 SE and earlier **Description** An issue exists due to the improper neutralization of special elements used in an OS command, allowing for the execution of arbitrary OS commands if a user logs in to the CLI of the affected product. **Recommendations** For versions 1.00.008 SE and earlier, update to a version that addresses the OS Command Injection issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: UD-LT1 firmware versions 2.1.9 and earlier UD-LT1/EX firmware versions 2.1.9 and earlier Description: The issue is related to incorrect permission assignment for a critical resource in the firmware of I-O Data Device UD-LT1 and UD-LT1/EX. This could allow an attacker with a guest account to access a specific file and obtain information containing credentials. The vulnerability may be exploited remotely. Recommendations: For UD-LT1 firmware versions 2.1.9 and earlier, update to a version that fixes the incorrect permission assignment issue. For UD-LT1/EX firmware versions 2.1.9 and earlier, update to a version that fixes the incorrect permission assignment issue. As a temporary workaround, consider restricting access to the specific file that contains credentials to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier I-O Data Device UD-LT1/EX versions 2.1.9 and earlier Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due to the lack of measures to neutralize special elements in the firmware of the I-O Data Device UD-LT1 and UD-LT1/EX routers. Recommendations: For I-O Data Device UD-LT1 versions 2.1.9 and earlier, update to a version later than 2.1.9 to resolve the issue. For I-O Data Device UD-LT1/EX versions 2.1.9 and earlier, update to a version later than 2.1.9 to resolve the issue. As a temporary workaround, consider restricting access to administrative accounts until a patch is available. Restrict input/output on all devices to minimize the risk of exploitation. Audit for signs of exploit to ensure the issue has not been previously exploited.