VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.

VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.

VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.