|
[Japanese]
|
JVNDB-2024-000042
|
Multiple vulnerabilities in RoamWiFi R10
|
|
RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below.
* Active debug code (CWE-489) - CVE-2024-31406
* Insertion of sensitive information into log file (CWE-532) - CVE-2024-32051
Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-31406
|
CVSS V3 Severity:
Base Metrics
6.5 (Medium) [IPA Score]
-
Attack Vector: Adjacent Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: High
-
Integrity Impact: None
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-32051
|
|
|
RoamWiFi Technology Co., Ltd.
- RoamWiFi R10 versions prior to 4.8.45
|
|
|
* An attacker with access to the device may perform unauthorized operations (CVE-2024-31406)
* An attacker with access to the device may obtain sensitive information (CVE-2024-32051)
|
|
[Update the firmware]
The update is applied automatically with Over-The-Air (OTA) function when the device is turned on. Therefore, no action is required from the user.
|
|
RoamWiFi Technology Co., Ltd.
- RoamWiFi Technology Co., Ltd. : RoamWiFi
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
- Information Exposure(CWE-200) [IPA Evaluation]
|
|
- CVE-2024-31406
- CVE-2024-32051
|
|
- JVN : JVN#62737544
|
|
- [2024/04/24]
Web page was published
|
