Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000022

[Content Description]
【JNC Technology | All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) - Client-Side Enforcement of Server-Side Security】
(CVE-2026-1363, CVSS: 9.8) The All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) contain a Client-Side Enforcement of Server-Side Security vulnerability. An unauthenticated remote attacker could gain administrator privileges by modifying the webpage front end.

【JNC Technology | All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) - Missing Authentication Vulnerability】
(CVE-2026-1364, CVSS: 9.8) The All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6) contain a Missing Authentication vulnerability. An unauthenticated remote attacker can directly access the system's management functions.

[Affected Platforms]
All-in-One Indoor Air Quality Monitor (IAQS) and Touchscreen 7-inch IoT Early Warning Control System (I6)

[Recommended Actions]
The manufacturer has released a patch for devices using the M4 chip. Devices using the M3 chip do not support the update and are recommended to be replaced. Please contact the manufacturer to confirm the chip used in your device and take appropriate measures.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10652-4cdca-1.html