[Japanese]

JVNDB-2008-000017

Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication

Overview

The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration.

The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE is disabled in the default configuration. This vulnerability may allow a remote attacker to access the web administration interface without authentication.
CVSS Severity (What is CVSS?)

Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


I-O DATA DEVICE
  • WN-APG/R firmware version 1.05J/W and earlier
  • WN-APG/R-S firmware version 1.05J/W and earlier
  • WN-WAPG/R firmware version 2.04 and earlier
  • WN-WAPG/R-S firmware version 2.04 and earlier

Impact

A remote attacker could change the configuration of vulnerable routers or obtain configuration information.
Solution

[Update the Software]

Update to the latest firmware provided by the vendor.

For more information, refer to the vendor's website.

[Change the Setting]

For more information, refer to the vendor's website.
Vendor Information

I-O DATA DEVICE
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#13159997
  2. IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple I-O DATA Wireless LAN Routers
Revision History

[2008/05/21]
  Web page published

Date Public2008/03/18
Date First Published2008/05/21
Date Last Updated2008/05/21