[Japanese]

JVNDB-2022-000036

Multiple vulnerabilities in Rakuten Casa

Overview

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.
* Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525
* Improper Access Control (CWE-284) - CVE-2022-28704
* Improper Access Control (CWE-284) - CVE-2022-26834

CVE-2022-29525
Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-28704
Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-26834
Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-28704


CVSS V3 Severity:
Base Metrics 5.9 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 7.1 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-29525


CVSS V3 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-26834
Affected Products


Rakuten Mobile, Inc.
  • Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0

Impact

* An attacker who can obtain information about the product housing may log in with the root privileges and perform arbitrary operations - CVE-2022-29525
* If the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings, a remote attacker may log in with the root privileges and perform arbitrary operations - CVE-2022-28704
* The information stored in the product may be obtained as the product is set to accept HTTP connections from the WAN side by default - CVE-2022-26834
Solution

[Update the software]
According to the developer, the fixed software for these vulnerabilities has been released in August 2021, and in the case where the product housing is properly set in accordance with Terms of Installation, the update is applied automatically.
Vendor Information

Rakuten Mobile, Inc.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
  2. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2022-29525
  2. CVE-2022-28704
  3. CVE-2022-26834
References

  1. JVN : JVN#46892984
Revision History

  • [2022/5/19]
      Web Page was published