[Japanese]

JVNDB-2014-000055

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview

The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets. (CWE-119)
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products


Internet Initiative Japan Inc.
  • SEIL/B1 firmware 1.00 to 4.50
  • SEIL/neu 2FE Plus firmware 1.80 to 2.17
  • SEIL/Turbo firmware 1.80 to 2.17
  • SEIL/X1 firmware 1.00 to 4.50
  • SEIL/X2 firmware 1.00 to 4.50
  • SEIL/x86 firmware 1.00 to 3.10
  • SEIL/B1
  • SEIL/neu 2FE Plus
  • SEIL/Turbo
  • SEIL/X1
  • SEIL/X2
  • SEIL/x86

Impact

By receiving a specially crafted TCP packet, a session established using PPPAC may be disconnected or stop accepting connections.
Solution

[Update the Firmware]
Apply the appropriate firmware update provided by the developer.

[Apply a workaround]
According to the developer, updated firmware for SEIL/Turbo and SEIL/neu 2FE Plus are still being developed.
If using either of these products, apply the appropriate workarounds according to the information provided by the developer.
Vendor Information

Internet Initiative Japan Inc.
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-2004
References

  1. JVN : JVN#10724763
  2. National Vulnerability Database (NVD) : CVE-2014-2004
Revision History

[2014/06/13]
  Web page was published
[2014/06/17]
  Affected Products was modified
  References : Content was added