CG-WLBARGS does not properly perform authentication


CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication.

Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Access Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

Corega Inc


An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed.

[Apply a Workaround]
The following workarounds may mitigate the affects of this vulnerability.

* Disable the remote access function to avoid access to the product from the internet
* Encrypt wireless LAN communications to avoid access to the product from adjacent networks

Note that these workarounds above do not prevent access from wired local networks.
Vendor Information

Corega Inc
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-7792

  1. JVN : JVN#51349622
  2. National Vulnerability Database (NVD) : CVE-2015-7792
Revision History

  Web page was published
  References : Content was added