Ushimaru Hayato

**Name of the Vulnerable Software and Affected Versions** TAKENAKA ENGINEERING CO., LTD. digital video recorders (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is an OS command injection vulnerability in multiple digital video recorders. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TAKENAKA ENGINEERING CO., LTD. digital video recorders (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CBC products (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. The NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported and will not receive updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CBC products (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Note that certain series, including NR4H, NR8H, NR16H, and several DR series, are no longer supported and will not receive updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KB-AHR04D versions prior to 91110.1.101106.78 KB-AHR08D versions prior to 91210.1.101106.78 KB-AHR16D versions prior to 91310.1.101106.78 KB-IRIP04A versions prior to 95110.1.100290.78A KB-IRIP08A versions prior to 95210.1.100290.78A KB-IRIP16A versions prior to 95310.1.100290.78A **Description** A hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this issue is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. **Recommendations** For KB-AHR04D versions prior to 91110.1.101106.78, update to version 91110.1.101106.78 or later. For KB-AHR08D versions prior to 91210.1.101106.78, update to version 91210.1.101106.78 or later. For KB-AHR16D versions prior to 91310.1.101106.78, update to version 91310.1.101106.78 or later. For KB-IRIP04A versions prior to 95110.1.100290.78A, update to version 95110.1.100290.78A or later. For KB-IRIP08A versions prior to 95210.1.100290.78A, update to version 95210.1.100290.78A or later. For KB-IRIP16A versions prior to 95310.1.100290.78A, update to version 95310.1.100290.78A or later.

**Name of the Vulnerable Software and Affected Versions** KB-AHR04D versions prior to 91110.1.101106.78 KB-AHR08D versions prior to 91210.1.101106.78 KB-AHR16D versions prior to 91310.1.101106.78 KB-IRIP04A versions prior to 95110.1.100290.78A KB-IRIP08A versions prior to 95210.1.100290.78A KB-IRIP16A versions prior to 95310.1.100290.78A **Description** An improper authentication issue exists in the KB-AHR series and KB-IRIP series, allowing for the potential execution of arbitrary OS commands or alteration of device settings if exploited. **Recommendations** For KB-AHR04D versions prior to 91110.1.101106.78, update to a version after 91110.1.101106.78. For KB-AHR08D versions prior to 91210.1.101106.78, update to a version after 91210.1.101106.78. For KB-AHR16D versions prior to 91310.1.101106.78, update to a version after 91310.1.101106.78. For KB-IRIP04A versions prior to 95110.1.100290.78A, update to a version after 95110.1.100290.78A. For KB-IRIP08A versions prior to 95210.1.100290.78A, update to a version after 95210.1.100290.78A. For KB-IRIP16A versions prior to 95310.1.100290.78A, update to a version after 95310.1.100290.78A.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is due to a hidden functionality vulnerability. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, update to a version later than 71x10.1.107112.43A to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings due to an improper authentication vulnerability. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, update to a version later than 71x10.1.107112.43A to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** UNIMO digital video recorders versions v1.0.20.13 and earlier UNIMO digital video recorders versions v2.0.20.13 and earlier **Description** The issue is related to the absence of authentication for a critical function in the firmware of UNIMO digital video recorders. This allows a remote attacker to execute arbitrary OS commands by sending a specially crafted request to the affected device's web interface. **Recommendations** For versions v1.0.20.13 and earlier, update to a version that includes authentication for critical functions. For versions v2.0.20.13 and earlier, update to a version that includes authentication for critical functions. As a temporary workaround, consider restricting access to the web interface of the affected devices until a patch is available.