CVE-2026-1363

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrator privileges by manipulating the web front-end of IAQS and I6 systems developed by JNC. It affects all systems running vulnerable versions of these products with default configurations. Attackers can exploit this without any credentials.

💻 Affected Systems

Products:
  • IAQS
  • I6
Versions: All versions prior to patched release
Operating Systems: Not OS-specific - affects the application itself
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components of both products. No special configuration required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative control, allowing data theft, system manipulation, and lateral movement within the network.

🟠 Likely Case: Unauthorized administrative access leading to data exfiltration, configuration changes, and potential ransomware deployment.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent external exploitation, though internal threats remain.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing systems immediate targets.
🏢 Internal Only: HIGH - Even internally, unauthenticated exploitation allows privilege escalation from any network position.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Client-side manipulation suggests simple exploitation via browser tools or automated scripts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10653-117a1-2.html

Restart Required: Yes

Instructions:

  1. Review vendor advisory
  2. Download latest patched version
  3. Backup current configuration
  4. Apply patch following vendor instructions
  5. Restart affected services
  6. Verify fix implementation

🔧 Temporary Workarounds

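Network Isolation (Linux)

Restrict network access to affected systems so that only trusted source addresses can reach the web interface. Replace [WEB_PORT] and [TRUSTED_IPS] with your own values; the ACCEPT rule must come before the DROP rule, and both are appended after any rules already in the INPUT chain.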

iptables -A INPUT -p tcp --dport [WEB_PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [WEB_PORT] -j DROP

Web Application Firewall (all platforms)

Implement WAF rules to block authentication bypass attempts

🧯 If You Can't Patch

  • Isolate affected systems from internet and untrusted networks
  • Implement strict network segmentation and monitor for authentication anomalies

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated requests can access administrative endpoints or modify authentication parameters

Check Version:

Check web interface or system documentation for version information

Verify Fix Applied:

Verify patched version is installed and test that authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to admin endpoints
  • Multiple failed login attempts followed by successful admin access
  • Unusual user agent strings or request patterns

Network Indicators:

  • HTTP requests manipulating authentication parameters
  • Traffic to admin endpoints from unauthenticated sources

SIEM Query:

source="web_logs" AND (uri="*/admin*" OR uri="*/manage*") AND status=200 AND auth_status="none"
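
For sites without a SIEM, the same check can be run directly over web logs. The following is an added example, not code from the vendor or the advisory: it applies the query's predicate and correlates it with the "failed logins followed by admin access" indicator. The key=value log format, the `src` and `ts` fields, the use of HTTP 401 as a failed login, the threshold of 3 and the severity labels are all assumptions.

```python
import fnmatch
import shlex
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value format; the field
# names uri, status and auth_status follow the SIEM query, the rest are assumed.
SAMPLE_LOG = """\
ts=1 src=198.51.100.7 uri=/login status=401 auth_status=none
ts=2 src=198.51.100.7 uri=/login status=401 auth_status=none
ts=3 src=198.51.100.7 uri=/login status=401 auth_status=none
ts=4 src=198.51.100.7 uri=/admin/users status=200 auth_status=none
ts=5 src=192.0.2.10 uri=/manage/config status=200 auth_status=session
ts=6 src=192.0.2.10 uri=/admin/users status=302 auth_status=none
ts=7 src=203.0.113.5 uri=/ui/manage/export status=200 auth_status=none
"""

ADMIN_GLOBS = ("*/admin*", "*/manage*")   # same patterns as the SIEM query
FAILED_LOGIN_THRESHOLD = 3                # assumed meaning of "multiple"


def parse_line(line):
    """Split one key=value log line into a dict (values may be quoted)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def is_unauth_admin_hit(rec):
    """Predicate equivalent to the SIEM query above."""
    return (any(fnmatch.fnmatchcase(rec.get("uri", ""), g) for g in ADMIN_GLOBS)
            and rec.get("status") == "200"
            and rec.get("auth_status") == "none")


def detect(log_text):
    """Return alerts as (src, uri, prior_failed_logins, severity) tuples."""
    failed = defaultdict(int)   # per-source count of 401 responses seen so far
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        src = rec.get("src", "?")
        if rec.get("status") == "401":
            failed[src] += 1
        elif is_unauth_admin_hit(rec):
            # Escalate when the hit follows repeated failed logins from the same source.
            sev = "high" if failed[src] >= FAILED_LOGIN_THRESHOLD else "medium"
            alerts.append((src, rec["uri"], failed[src], sev))
    return alerts


if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

Authenticated admin requests (ts=5) and non-200 responses (ts=6) are not flagged, which keeps the alert tied to requests that actually succeeded without a session.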
