Primary

Context

JNC IAQS and I6 Missing Authentication Vulnerability Allowing Unauthenticated Access to Administrative Functions

Vulnerability

A missing authentication vulnerability has been identified in JNC's IAQS and I6 products. This vulnerability allows unauthenticated remote attackers to directly access and operate system administrative functions. The issue arises from a lack of proper authentication mechanisms, enabling unauthorized users to manipulate administrative features remotely.

Impact

Exploitation of this vulnerability allows for unauthorized access to system administrative functionalities, potentially leading to unauthorized changes or management of the system.

Remediation

JNC has released a patch for devices using the M4 chip. However, devices with the M3 chip do not support the update and are recommended to be replaced. Users should contact the vendor to confirm which chip their device uses and take appropriate action.

Added: Jan 23, 2026, 9:22 AM

Updated: Jan 23, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JNC IAQS and I6 Missing Authentication Vulnerability Allowing Unauthenticated Access to Administrative Functions

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating