[Japanese]

JVNDB-2012-000010

Pocket WiFi (GP02) vulnerable to cross-site request forgery

Overview

Pocket WiFi (GP02) contains a cross-site request forgery vulnerability.

Pocket WiFi (GP02) provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi (GP02) contains a cross-site request forgery vulnerability.

Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


eAccess Ltd.
  • Pocket WiFi (GP02) firmware version 11.203.11.05.168 and earlier earlier

Impact

If a user views a malicious page while logged in, settings of Pocket WiFi (GP02) may be initialized, or Pocket WiFi (GP02) may be rebooted.
Solution

[Update the Software]
Update to the latest version of the firmware provided by the developer.
Vendor Information

eAccess Ltd.
CWE (What is CWE?)

  1. Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-0314
References

  1. JVN : JVN#33021167
  2. National Vulnerability Database (NVD) : CVE-2012-0314
Revision History

[2012/02/01]
  Web page was published