From 9adc352b7f0a8092350a3ac5edbd11964590c8df Mon Sep 17 00:00:00 2001 From: Takayuki Uchiyama Date: Fri, 1 Dec 2017 17:13:50 +0900 Subject: [PATCH] jpcert20171201 batch --- 2017/10xxx/CVE-2017-10861.json | 78 ++++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10874.json | 78 ++++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10891.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10892.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10894.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10895.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10898.json | 85 +++++++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10899.json | 85 +++++++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10900.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10901.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10902.json | 75 +++++++++++++++++++++++------- 2017/10xxx/CVE-2017-10903.json | 75 +++++++++++++++++++++++------- 12 files changed, 722 insertions(+), 204 deletions(-) diff --git a/2017/10xxx/CVE-2017-10861.json b/2017/10xxx/CVE-2017-10861.json index 08d0bd8ccc1..d59acc71b55 100644 --- a/2017/10xxx/CVE-2017-10861.json +++ b/2017/10xxx/CVE-2017-10861.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10861", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10861", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QualitySoft Corporation", + "product": { + "product_data": [ + { + "product_name": "QND Advance/Standard", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Directory traversal" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"http://www.qualitysoft.com/qnd_vulnerabilities" + }, + { + "url":"https://jvn.jp/en/vu/JVNVU94198685/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via via a specially crafted command." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10874.json b/2017/10xxx/CVE-2017-10874.json index 5385f1462a0..4e8f6539d52 100644 --- a/2017/10xxx/CVE-2017-10874.json +++ b/2017/10xxx/CVE-2017-10874.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10874", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10874", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION", + "product": { + "product_data": [ + { + "product_name": "PWR-Q200", + "version": { + "version_data": [ + { + "version_value": "all firmware versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Use of Insufficiently Random Values" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"http://web116.jp/shop/hikari_p/q200/q200_00.html" + }, + { + "url":"https://jvn.jp/en/jp/JVN73141967/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10891.json b/2017/10xxx/CVE-2017-10891.json index 936e103ac95..f44f97cc92f 100644 --- a/2017/10xxx/CVE-2017-10891.json +++ b/2017/10xxx/CVE-2017-10891.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10891", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sony Video & Sound Products Inc.", + "product": { + "product_data": [ + { + "product_name": "Media Go", + "version": { + "version_data": [ + { + "version_value": "version 3.2.0.191 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Untrusted search path vulnerability" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN08517069/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10892.json b/2017/10xxx/CVE-2017-10892.json index 4e5c76952c9..c7a1a208ba0 100644 --- a/2017/10xxx/CVE-2017-10892.json +++ b/2017/10xxx/CVE-2017-10892.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10892", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sony Video & Sound Products Inc.", + "product": { + "product_data": [ + { + "product_name": "Music Center for PC", + "version": { + "version_data": [ + { + "version_value": "version 1.0.00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Untrusted search path vulnerability" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN08517069/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10894.json b/2017/10xxx/CVE-2017-10894.json index 2fa2823b1f6..856b8172818 100644 --- a/2017/10xxx/CVE-2017-10894.json +++ b/2017/10xxx/CVE-2017-10894.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10894", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tomoki Sanaki", + "product": { + "product_data": [ + { + "product_name": "StreamRelay.NET.exe", + "version": { + "version_data": [ + { + "version_value": "ver2.14.0.7 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Denial-of-service (DoS)" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN71291160/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10895.json b/2017/10xxx/CVE-2017-10895.json index 5bb3c64a1e9..c5bfb4ea889 100644 --- a/2017/10xxx/CVE-2017-10895.json +++ b/2017/10xxx/CVE-2017-10895.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10895", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10895", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tomoki Sanaki", + "product": { + "product_data": [ + { + "product_name": "sDNSProxy.exe", + "version": { + "version_data": [ + { + "version_value": "ver1.1.0.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Denial-of-service (DoS)" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN71291160/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10898.json b/2017/10xxx/CVE-2017-10898.json index d2707d3e618..c8ecb1b0254 100644 --- a/2017/10xxx/CVE-2017-10898.json +++ b/2017/10xxx/CVE-2017-10898.json @@ -1,18 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10898", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "A-Member", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + }, + { + "product_name": "A-Member for MT cloud", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"SQL Injection" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN78501037/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10899.json b/2017/10xxx/CVE-2017-10899.json index 4a0d7e67136..27b4ddd2225 100644 --- a/2017/10xxx/CVE-2017-10899.json +++ b/2017/10xxx/CVE-2017-10899.json @@ -1,18 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10899", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10899", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "A-Reserve", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + }, + { + "product_name": "A-Reserve for MT cloud", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"SQL Injection" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN78501037/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10900.json b/2017/10xxx/CVE-2017-10900.json index 89949aec2f2..b133365c2c5 100644 --- a/2017/10xxx/CVE-2017-10900.json +++ b/2017/10xxx/CVE-2017-10900.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10900", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "PTW-WMS1", + "version": { + "version_data": [ + { + "version_value": "firmware version 2.000.012" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Fails to restrict access" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN98295787/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10901.json b/2017/10xxx/CVE-2017-10901.json index 5ac38658f16..a0913b162e8 100644 --- a/2017/10xxx/CVE-2017-10901.json +++ b/2017/10xxx/CVE-2017-10901.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10901", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "PTW-WMS1", + "version": { + "version_data": [ + { + "version_value": "firmware version 2.000.012" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Buffer Overflow" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN98295787/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10902.json b/2017/10xxx/CVE-2017-10902.json index 34b16785a13..2968ca7cf42 100644 --- a/2017/10xxx/CVE-2017-10902.json +++ b/2017/10xxx/CVE-2017-10902.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10902", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "PTW-WMS1", + "version": { + "version_data": [ + { + "version_value": "firmware version 2.000.012" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"OS Command Injection" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN98295787/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10903.json b/2017/10xxx/CVE-2017-10903.json index 5a83f237b88..46ba74f9d1c 100644 --- a/2017/10xxx/CVE-2017-10903.json +++ b/2017/10xxx/CVE-2017-10903.json @@ -1,18 +1,59 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10903", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Princeton Ltd.", + "product": { + "product_data": [ + { + "product_name": "PTW-WMS1", + "version": { + "version_data": [ + { + "version_value": "firmware version 2.000.012" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang": "eng", + "value":"Improper authentication" + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://jvn.jp/en/jp/JVN98295787/index.html" + } + ] + }, + "description":{ + "description_data":[ + { + "lang": "eng", + "value":"Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors." + } + ] + } +} \ No newline at end of file