Yoshiki Mori

**Name of the Vulnerable Software and Affected Versions** TAKENAKA ENGINEERING CO., LTD. digital video recorders (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TAKENAKA ENGINEERING CO., LTD. digital video recorders (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is an OS command injection vulnerability in multiple digital video recorders. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BUFFALO wireless LAN routers and wireless LAN repeaters (affected versions not specified) **Description** An OS command injection issue exists, allowing an arbitrary OS command to be executed if a specially crafted request is sent to the product's management page after logging in. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** First Corporation's DVRs (affected versions not specified) **Description** A missing authentication for critical function issue allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. **Recommendations** For Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB, apply the provided updates. For other products, apply the workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** First Corporation's DVRs versions of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB (affected versions not specified, but updates are provided only for Late models) **Description** The issue is related to a hard-coded password in First Corporation's DVRs, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. **Recommendations** For Late models of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB, apply the available updates. For other products, apply the provided workaround. As a temporary workaround, consider restricting access to the device's configuration information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CBC products (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Note that certain series, including NR4H, NR8H, NR16H, and several DR series, are no longer supported and will not receive updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CBC products (affected versions not specified) **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. The NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported and will not receive updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KB-AHR04D versions prior to 91110.1.101106.78 KB-AHR08D versions prior to 91210.1.101106.78 KB-AHR16D versions prior to 91310.1.101106.78 KB-IRIP04A versions prior to 95110.1.100290.78A KB-IRIP08A versions prior to 95210.1.100290.78A KB-IRIP16A versions prior to 95310.1.100290.78A **Description** A hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this issue is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. **Recommendations** For KB-AHR04D versions prior to 91110.1.101106.78, update to version 91110.1.101106.78 or later. For KB-AHR08D versions prior to 91210.1.101106.78, update to version 91210.1.101106.78 or later. For KB-AHR16D versions prior to 91310.1.101106.78, update to version 91310.1.101106.78 or later. For KB-IRIP04A versions prior to 95110.1.100290.78A, update to version 95110.1.100290.78A or later. For KB-IRIP08A versions prior to 95210.1.100290.78A, update to version 95210.1.100290.78A or later. For KB-IRIP16A versions prior to 95310.1.100290.78A, update to version 95310.1.100290.78A or later.

**Name of the Vulnerable Software and Affected Versions** KB-AHR04D versions prior to 91110.1.101106.78 KB-AHR08D versions prior to 91210.1.101106.78 KB-AHR16D versions prior to 91310.1.101106.78 KB-IRIP04A versions prior to 95110.1.100290.78A KB-IRIP08A versions prior to 95210.1.100290.78A KB-IRIP16A versions prior to 95310.1.100290.78A **Description** An improper authentication issue exists in the KB-AHR series and KB-IRIP series, allowing for the potential execution of arbitrary OS commands or alteration of device settings if exploited. **Recommendations** For KB-AHR04D versions prior to 91110.1.101106.78, update to a version after 91110.1.101106.78. For KB-AHR08D versions prior to 91210.1.101106.78, update to a version after 91210.1.101106.78. For KB-AHR16D versions prior to 91310.1.101106.78, update to a version after 91310.1.101106.78. For KB-IRIP04A versions prior to 95110.1.100290.78A, update to a version after 95110.1.100290.78A. For KB-IRIP08A versions prior to 95210.1.100290.78A, update to a version after 95210.1.100290.78A. For KB-IRIP16A versions prior to 95310.1.100290.78A, update to a version after 95310.1.100290.78A.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings due to an improper authentication vulnerability. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, update to a version later than 71x10.1.107112.43A to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier **Description** The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is due to a hidden functionality vulnerability. **Recommendations** For UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier, update to a version later than 71x10.1.107112.43A to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UNIMO digital video recorders versions v1.0.20.13 and earlier UNIMO digital video recorders versions v2.0.20.13 and earlier **Description** The issue is related to the absence of authentication for a critical function in the firmware of UNIMO digital video recorders. This allows a remote attacker to execute arbitrary OS commands by sending a specially crafted request to the affected device's web interface. **Recommendations** For versions v1.0.20.13 and earlier, update to a version that includes authentication for critical functions. For versions v2.0.20.13 and earlier, update to a version that includes authentication for critical functions. As a temporary workaround, consider restricting access to the web interface of the affected devices until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Smart TV Box firmware versions prior to 1300 **Description** The issue allows remote attackers to bypass access restrictions, enabling them to conduct arbitrary operations on the device without the user's intent. This can include installing arbitrary software or changing the device settings via the Android Debug Bridge port 5555/TCP. **Recommendations** For firmware versions prior to 1300, update to version 1300 or later to resolve the issue. As a temporary workaround, consider restricting access to the Android Debug Bridge port 5555/TCP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlueStacks App Player versions 3.0.0 through 4.31.55 BlueStacks App Player for macOS version 2.0.0 and later **Description** The issue allows an attacker on the same network segment to bypass access restrictions and gain unauthorized access. **Recommendations** For BlueStacks App Player versions 3.0.0 through 4.31.55, update to a version that contains a fix for this issue. For BlueStacks App Player for macOS version 2.0.0 and later, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.