[Japanese]

JVNDB-2014-000140

LG Electronics mobile access routers lack access restrictions

Overview

LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface.

Taiga Asano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 3.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


LG Electronics
  • L-03E
  • L-04D
  • L-09C

Impact

An attacker that can access the device may bypass authentication and obtain information stored on the device.
Solution

[Apply an Update]
Apply the update according to the information provided by the provider.
Vendor Information

NTT DOCOMO, INC.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-7243
References

  1. JVN : JVN#71762315
  2. National Vulnerability Database (NVD) : CVE-2014-7243
Revision History

[2014/12/02]
  Web page was published
[2014/12/08]
  References : Content was added