Tsukada Nobuhisa

**Name of the Vulnerable Software and Affected Versions** NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions **Description** The issue allows a remote unauthenticated attacker to alter the information stored in the system due to an authentication bypass vulnerability. **Recommendations** For NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Toshiba FlashAir SD-WD/WC series Class 6 model version 1.00.04 and later Toshiba FlashAir SD-WD/WC series Class 10 model W-02 version 2.00.02 and later Toshiba FlashAir SD-WE series Class 10 model W-03 Toshiba FlashAir II Class 10 model W-02 series version 2.00.02 and later Toshiba FlashAir III Class 10 model W-03 series Toshiba FlashAir W-02 series Class 10 model version 2.00.02 and later Toshiba FlashAir W-03 series Class 10 model **Description** The issue allows attackers with access to the STA side LAN to obtain files or data when "Internet pass-thru Mode" is enabled, as no authentication is required for accepting connections. **Recommendations** For Toshiba FlashAir SD-WD/WC series Class 6 model version 1.00.04 and later, consider disabling "Internet pass-thru Mode" until a patch is available. For Toshiba FlashAir SD-WD/WC series Class 10 model W-02 version 2.00.02 and later, restrict access to the LAN to minimize the risk of exploitation. For Toshiba FlashAir SD-WE series Class 10 model W-03, avoid using "Internet pass-thru Mode" until the issue is resolved. For Toshiba FlashAir II Class 10 model W-02 series version 2.00.02 and later, restrict access to the STA side LAN to prevent unauthorized access. For Toshiba FlashAir III Class 10 model W-03 series, consider implementing additional authentication measures for the "Internet pass-thru Mode". For Toshiba FlashAir W-02 series Class 10 model version 2.00.02 and later, disable "Internet pass-thru Mode" as a temporary workaround. For Toshiba FlashAir W-03 series Class 10 model, restrict access to the "Internet pass-thru Mode" feature until a fix is available.