JVN#11230428
+F FS010M vulnerable to OS command injection
Overview
+F FS010M provided by FUJI SOFT INCORPORATED contains an OS command injection vulnerability.
Products Affected
CVE-2025-24306
- +F FS010M versions prior to V2.0.0_1101
- +F FS010M versions prior to V2.0.1_1101
Description
+F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below.
Impact
An arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege. (CVE-2025-24306)
An arbitrary OS command may be executed by a remote authenticated attacker. (CVE-2025-25220)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the updates listed below that address these vulnerabilities.
CVE-2025-24306
- +F FS010M V2.0.0_1101
- +F FS010M V2.0.1_1101
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
FUJI SOFT INCORPORATED | Vulnerable | 2025/03/18 | FUJI SOFT INCORPORATED website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Takeshi Kuramori of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
CVE | CVE-2025-24306, CVE-2025-25220 |
JVN iPedia | JVNDB-2025-000020 |