| TVN ID | TVN-202601009 |
|---|---|
| CVE ID | CVE-2026-1363, CVE-2026-1364 |
| CVSS | CVE-2026-1363: 9.8 (Critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVE-2026-1364: 9.8 (Critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | IAQS and I6 |
| Description | CVE-2026-1363: IAQS and I6 have a Client-Side Enforcement of Server-Side Security vulnerability that allows unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end. CVE-2026-1364: IAQS and I6 have a Missing Authentication vulnerability that allows unauthenticated remote attackers to directly operate system administrative functionalities. |
| Solution | The vendor has released a patch for devices using the M4 chip. Devices using the M3 chip do not support the update, and replacing them is recommended. Contact the vendor to confirm which chip the device uses, then apply the patch or replace the device accordingly. |
| Credit | Yu-Chieh Kuo, Li-Fan Cheng, Shi-Yi Xie (NICS) |
| Public Date | 2026-01-23 |
