JVNDB-2024-003016
|
Multiple vulnerabilities in home gateway HGW BL1500HM
|
Home gateway HGW BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below.
* Use of weak credentials (CWE-1391) - CVE-2024-21865, CVE-2024-29071
* Command injection (CWE-77) - CVE-2024-28041
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned for CVE-2024-28041.
|
CVSS V3 Severity: Base Metrics 6.5 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-21865 and CVE-2024-29071.
|
|
KDDI
- HGW BL1500HM firmware Ver 002.001.013 and earlier
|
|
* An attacker may connect via SSH and use a shell - CVE-2024-21865
* An attacker may execute arbitrary commands - CVE-2024-28041
* An attacker may change the system settings - CVE-2024-29071
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer fixed these vulnerabilities in HGW BL1500HM Ver 002.001.019.
|
KDDI
|
- Use of Weak Credentials (CWE-1391) [Other]
- Command Injection (CWE-77) [Other]
|
- CVE-2024-21865
- CVE-2024-28041
- CVE-2024-29071
|
- JVN : JVNVU#93546510
|
- [2024/03/25]
Web page was published
|