Published:2026/04/23 Last Updated:2026/04/23
JVN#42090270
IP Setting Software may insecurely load Dynamic Link Libraries
Overview
IP Setting Software provided by i-PRO Co., Ltd. may insecurely load Dynamic Link Libraries.
Products Affected
- IP Setting Software prior to V5.20
Description
IP Setting Software provided by i-PRO Co., Ltd. contains the following vulnerability in the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.0
- CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 7.3
- CVE-2026-34488
Impact
Arbitrary code may be executed with administrative privileges.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| i-PRO Co., Ltd. | Advisory |
| Release Note and Download |
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
i-PRO Co., Ltd. reported this vulnerability to IPA to notify users of its solution through JVN.
JPCERT/CC and i-PRO Co., Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-34488 |
| JVN iPedia |
JVNDB-2026-000063 |