[Japanese]

JVNDB-2015-000201

CG-WLBARGS does not properly perform authentication

Overview

CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication.

Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Corega Inc
  • CG-WLBARGS

Impact

An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed.
Solution

[Apply a Workaround]
The following workarounds may mitigate the affects of this vulnerability.

* Disable the remote access function to avoid access to the product from the internet
* Encrypt wireless LAN communications to avoid access to the product from adjacent networks

Note that these workarounds above do not prevent access from wired local networks.
Vendor Information

Corega Inc
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-7792
References

  1. JVN : JVN#51349622
  2. National Vulnerability Database (NVD) : CVE-2015-7792
Revision History

  • [2015/12/25]
      Web page was published
    [2016/01/07]
      References : Content was added

Date Public2015/12/25
Date First Published2015/12/25
Date Last Updated2016/01/07