JVNDB-2023-009966
|
FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection Critical
|
"AE1021PE" and "AE1021" provided by FXC Inc. are information outlet-based wireless LAN routers.
"AE1021PE" and "AE1021" contain an OS command injection vulnerability (CWE-78).
JPCERT/CC has confirmed communication that exploits this vulnerability.
Ryu Kuki, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
At almost the same time, the Akamai SIRT reported this vulnerability to CISA. JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 8.0 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
FXC Inc.
- Wireless LAN router AE1021 firmware version 2.0.9 and earlier
- Wireless LAN router AE1021PE firmware version 2.0.9 and earlier
|
|
An arbitrary OS command may be executed by an attacker who can log in to the product.
|
[Update the Firmware and Apply the appropriate settings]
The developer has released firmware 2.0.10 that addresses this vulnerability.
Update the firmware to 2.0.10, and apply the following settings.
* Reset "Factory setting" and change the default management screen login password
For more information, refer to the information provided by the developer.
|
FXC Inc.
|
- OS Command Injection (CWE-78) [Other]
|
- CVE-2023-49897
|
- JVN : JVNVU#92152057
- National Vulnerability Database (NVD) : CVE-2023-49897
- CISA Known Exploited Vulnerabilities Catalog : CVE-2023-49897
- ICS-CERT ADVISORY : ICSA-23-355-01
- Related document : Actively Exploited Vulnerability in FXC Routers: Fixed, Patches Available
|
- [2023/12/07]
Web page was published
- [2023/12/22]
References : Content was added
|