Tsuyoshi Nagakawa

Name of the Vulnerable Software and Affected Versions: ELECOM LD-PS/U1 (affected versions not specified) Description: The issue is related to improper access control, allowing remote attackers to change the administrative password of the affected device by processing a specially crafted request. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EC-CUBE versions 2.11.0 through 2.12.2 EC-Orange systems deployed before June 29th, 2015 **Description** An issue exists where a user-controlled key can be used to bypass authorization. This can be exploited by sending a crafted HTTP request, potentially allowing a user of the affected shopping website to obtain other users' information. **Recommendations** For EC-CUBE versions 2.11.0 through 2.12.2, update to a version outside of this range to resolve the issue. For EC-Orange systems deployed before June 29th, 2015, ensure deployment after this date to mitigate the risk. As a temporary workaround, consider restricting access to sensitive user information until a patch is available.