[Japanese]

JVNDB-2013-000092

SEIL Series routers vulnerable to buffer overflow

Overview

SEIL Series routers contain a buffer overflow vulnerability.

The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages.
CVSS Severity (What is CVSS?)

Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


Internet Initiative Japan Inc.
  • SEIL/B1 firmware 1.00 to 4.31
  • SEIL/neu 2FE Plus firmware 2.05 to 2.15
  • SEIL/Turbo firmware 2.05 to 2.15
  • SEIL/X1 firmware 1.00 to 4.31
  • SEIL/X2 firmware 1.00 to 4.31
  • SEIL/x86 firmware 1.00 to 2.81
  • SEIL/B1
  • SEIL/neu 2FE Plus
  • SEIL/Turbo
  • SEIL/X1
  • SEIL/X2
  • SEIL/x86

Impact

An attacker may execute an arbitrary code on the vulnerable system.
Solution

[Update the Firmware]
Apply the appropriate firmware update provided by the developer.
Vendor Information

Internet Initiative Japan Inc.
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-4709
References

  1. JVN : JVN#43152129
  2. National Vulnerability Database (NVD) : CVE-2013-4709
Revision History

[2013/09/20]
  Web page was published
[2013/09/30]
  References : Content was added