Gefen · Gefen WebFWC · CVE-2025-25504
**Name of the Vulnerable Software and Affected Versions**
Gefen WebFWC (in AV over IP products) versions 1.70, 1.85h, 1.86v
**Description**
An issue in the /usr/local/bin/jncs.sh script allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
**Recommendations**
For version 1.70, update to a fixed version if available.
For version 1.85h, update to a fixed version if available.
For version 1.86v, update to a fixed version if available.
As a temporary workaround, consider restricting access to the /usr/local/bin/jncs.sh script to minimize the risk of exploitation.
Restrict access to TCP port 4444 to prevent unauthorized connections.
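To check that the port restriction is holding, the following added example (not part of the advisory or any vendor tooling) scans firewall logs for TCP port 4444 connections to affected devices from sources outside an allowlist. The device addresses, the admin subnet and the netfilter LOG-style sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions, not from the advisory: device addresses, the admin subnet,
# and netfilter LOG-style lines collected on an upstream firewall.
GEFEN_DEVICES = {ipaddress.ip_address(a) for a in ("10.20.0.15", "10.20.0.16")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.99.0/28")]
EXPOSED_PORT = 4444  # TCP port named in the advisory

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines (documentation and private address ranges).
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.99.4 DST=10.20.0.15 PROTO=TCP SPT=50122 DPT=4444 SYN
Mar  3 10:04:40 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.0.15 PROTO=TCP SPT=41877 DPT=4444 SYN
Mar  3 10:05:02 fw kernel: IN=eth0 OUT=eth2 SRC=203.0.113.50 DST=10.20.0.16 PROTO=TCP SPT=60311 DPT=4444 SYN
Mar  3 10:05:09 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.0.15 PROTO=TCP SPT=41901 DPT=80 SYN
Mar  3 10:06:30 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.0.40 PROTO=TCP SPT=41950 DPT=4444 SYN
Mar  3 10:07:11 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.0.16 PROTO=UDP SPT=5353 DPT=4444
Mar  3 10:08:00 fw kernel: IN=eth1 OUT=eth2 SRC=garbled DST=10.20.0.15 PROTO=TCP DPT=4444
"""


def find_unexpected_connections(log_text):
    """Return (source, device) pairs for TCP/4444 traffic from outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(EXPOSED_PORT):
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # skip lines with missing or malformed addresses
        if dst not in GEFEN_DEVICES:
            continue  # only the affected devices are in scope
        if not any(src in net for net in ALLOWED_SOURCES):
            hits.append((str(src), str(dst)))
    return hits


if __name__ == "__main__":
    for src, dst in find_unexpected_connections(SAMPLE_LOG):
        print(f"ALERT: {src} reached {dst} on TCP/{EXPOSED_PORT}")
```

Any hit means the access restriction is not in effect for that path, and the device should be treated as potentially compromised given the unauthenticated root access described above.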