18 matches found
JVN#05288621: EasyMail vulnerable to cross-site scripting
EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the software Update the software to the latest version accordin...
Rakuten Mobile Rakuten Casa Trust Management Issue Vulnerability
Rakuten Mobile Rakuten Casa is a small base station from Rakuten Mobile Japan, Inc. A trust management issue vulnerability exists in Rakuten Mobile Rakuten Casa APFV200 and APFV141 versions, which stems from the presence of hard-coded credentials in the application code. An unauthenticated, remot...
JVN#63023305: InBody App vulnerable to information disclosure
InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...
Kangtaike SolarView Compact SV-CPT-MC310 Access Control Error Vulnerability
Kangtaike SolarView Compact is an application system from Kangtaike Japan Inc. which provides photovoltaic power measurement systems. Kangtaike SolarView Compact SV-CPT-MC310 suffers from an access control error vulnerability that could be exploited by an attacker to obtain and/or change settings...
Kangtaike SolarView Compact SV-CPT-MC310 Path Traversal Vulnerability
Kangtaike SolarView Compact is an application from Kangtaike Japan Inc. which provides photovoltaic power measurement systems. Kangtaike SolarView Compact SV-CPT-MC310 suffers from a path traversal vulnerability that could be exploited by an attacker to delete arbitrary files and/or directories o...
Kangtaike SolarView Compact SV-CPT-MC310 Arbitrary File Upload Vulnerability
Kangtaike SolarView Compact is an application system from Kangtaike Japan Inc. Kangtaike SolarView Compact SV-CPT-MC310 contains an arbitrary file upload vulnerability that can be exploited by attackers to upload arbitrary files via an unspecified carrier...
JVN#71329812: WL-330NUL vulnerable to cross-site request forgery
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. Solution Update the...
JVN#33901663: RT-AC87U vulnerable to cross-site scripting
RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#34562916: RT-AC1200HP vulnerable to cross-site scripting
RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Firmware Apply the firmware update according to the information...
JVN#73742314: RT-AC68U vulnerable to cross-site scripting
RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#89965717: WL-330NUL vulnerable to cross-site scripting
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update the firmware to the latest version according to the...
JVN#69462495: WL-330NUL information management vulnerability
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...
JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...
JVN#34489380: WL-330NUL vulnerable to remote command execution
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. Impact An attacker that can access the product may execute an arbitrary command with administrative privileges. Solution Update the Firmware Update the firmware to...
CVE-2014-7255
Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service CPU and traffic consumption via a large number of NTP requests within a short...
JVN#07957080: Dominion KX2-101 vulnerable to denial-of-service (DoS)
Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Impact By receiving a specially crafted packet, the product may be forced to stop responding. Solution Upgrade to Dominion KX2-101 V2 The vulnerability has be...
Authentication flaw
The PPP Access Concentrator PPPAC in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...
CVE-2013-4708
The CVE-2013-4708 issue affects SEIL Series routers from Internet Initiative Japan Inc. The vuln arises from predictable random-number generation in the PPP Access Concentrator (PPPAC) when performing RADIUS authentication, allowing remote attackers who can sniff RADIUS traffic to bypass authenti...