Thomas J. Knudsen

**Name of the Vulnerable Software and Affected Versions** BUFFALO VR-S1000 versions 2.37 and earlier **Description** The issue is related to the improper neutralization of argument delimiters in a command, also known as an 'Argument Injection' vulnerability. This allows an authenticated attacker who can access the product's command line interface to execute an arbitrary command. **Recommendations** For versions 2.37 and earlier, consider restricting access to the command line interface until a patch is available. As a temporary workaround, limit the execution of commands to only those that are necessary for the device's operation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BUFFALO VR-S1000 versions 2.37 and earlier **Description** The issue is related to the use of a hard-coded cryptographic key in the firmware, which may allow an attacker to analyze the password of a specific product user. This could potentially lead to unauthorized access. The vulnerability is associated with the use of pre-installed credentials. **Recommendations** For versions 2.37 and earlier, consider updating the firmware to a version that does not use a hard-coded cryptographic key, if available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti versions (affected versions not specified) VR-S1000 firmware versions prior to 2.42 **Description** The issue is related to a lack of protection in the SQL query structure in Cacti, and in VR-S1000 firmware, it allows an attacker with access to the product's web management page to execute arbitrary OS commands. This could potentially be exploited by a remote attacker to execute arbitrary code using the pollers.php script. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. **Recommendations** For Cacti, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For VR-S1000 firmware versions prior to 2.42, update to version 2.42 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A200 firmware versions 01.00.05 and earlier **Description** The issue is related to improper access control, allowing a remote unauthenticated attacker to connect to the product's ADB port. **Recommendations** For SkyBridge MB-A200 firmware versions 01.00.05 and earlier, consider restricting access to the ADB port as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A200 versions 01.00.05 and earlier SkyBridge BASIC MB-A130 versions 1.4.1 and earlier **Description** The issue is related to an improper following of a certificate's chain of trust, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. **Recommendations** For SkyBridge MB-A200 versions 01.00.05 and earlier, update to a version later than 01.00.05 to resolve the issue. For SkyBridge BASIC MB-A130 versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the WebUI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier **Description** The issue concerns missing authentication for a critical function, potentially allowing a remote unauthenticated attacker to execute certain critical functions without authentication, such as rebooting the product. **Recommendations** For SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier, update to a version later than 4.2.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier **Description** Cleartext storage of sensitive information exists, which may allow a remote authenticated attacker to obtain an APN credential for the product. **Recommendations** For SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier, update to a version later than 4.2.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier **Description** The issue is related to the use of weak credentials in the firmware, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product. **Recommendations** For SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier, update to a version later than 4.2.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Seiko Solutions SkyBridge MB-A200 versions 01.00.05 and earlier Seiko Solutions SkyBridge BASIC MB-A130 versions 1.4.1 and earlier Seiko Solutions SkySpider MB-R210 versions 1.01.00 and earlier **Description** The issue is related to the use of weak credentials in the Seiko Solutions SkyBridge and SkySpider series. This weakness may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product. **Recommendations** For SkyBridge MB-A200 versions 01.00.05 and earlier, update the firmware to a version later than 01.00.05. For SkyBridge BASIC MB-A130 versions 1.4.1 and earlier, update the firmware to a version later than 1.4.1. For SkySpider MB-R210 versions 1.01.00 and earlier, update the firmware to a version later than 1.01.00. As a temporary workaround, consider restricting access to the WebUI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A100/110 versions 4.2.0 and earlier **Description** The issue involves cleartext transmission of sensitive information. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product. **Recommendations** For SkyBridge MB-A100/110 versions 4.2.0 and earlier, consider disabling the telnet connection to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the product's administrative interface to minimize the risk of eavesdropping or alteration of sensitive information.

**Name of the Vulnerable Software and Affected Versions** SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier **Description** The issue is related to improper privilege management, allowing a remote authenticated attacker to alter the WebUI password of the product. This can be exploited by an attacker with authenticated access to the system. **Recommendations** For SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier, update to a version later than 4.2.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Seiko Solutions SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier Seiko Solutions SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier **Description** A missing authentication issue for a critical function exists in the Seiko Solutions SkyBridge series, allowing a remote attacker to obtain or alter the product's setting information or execute critical functions without authentication, such as rebooting the product. **Recommendations** For Seiko Solutions SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, update to a version later than Ver. 01.00.05 to resolve the issue. For Seiko Solutions SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, update to a version later than Ver. 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to critical functions that do not require authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BS-GSL2024 firmware Ver. 1.10-0.03 and earlier BS-GSL2016P firmware Ver. 1.10-0.03 and earlier BS-GSL2016 firmware Ver. 1.10-0.03 and earlier BS-GS2008 firmware Ver. 1.0.10.01 and earlier BS-GS2016 firmware Ver. 1.0.10.01 and earlier BS-GS2024 firmware Ver. 1.0.10.01 and earlier BS-GS2048 firmware Ver. 1.0.10.01 and earlier BS-GS2008P firmware Ver. 1.0.10.01 and earlier BS-GS2016P firmware Ver. 1.0.10.01 and earlier BS-GS2024P firmware Ver. 1.0.10.01 and earlier **Description** The issue is related to the use of hard-coded credentials in Buffalo network devices, allowing an attacker to access the debug function of the product. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmaCam CS-QR10 all versions SmaCam Night Vision CS-QR20 all versions **Description** A missing protection mechanism for an alternate hardware interface in the affected products allows an attacker to execute an arbitrary OS command by connecting to the product's specific serial connection. **Recommendations** For SmaCam CS-QR10 all versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For SmaCam Night Vision CS-QR20 all versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability.