[Japanese]

JVNDB-2024-012941

Multiple vulnerabilities in Rakuten Turbo 5G

Overview

Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.

* Missing authentication for critical function (CWE-306) - CVE-2024-47865
* OS command injection (CWE-78) - CVE-2024-48895
* Exposure of sensitive system information to an unauthorized control sphere (CWE-497) - CVE-2024-52033

Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-48895

CVSS V3 Severity:
Base Metrics:5.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-47865

CVSS V3 Severity:
Base Metrics:5.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-52033
Affected Products


Rakuten Mobile, Inc.
  • Rakuten Turbo 5G firmware version V1.3.18 and earlier

Impact

* An unauthenticated attacker may update or downgrade the firmware on the device (CVE-2024-47865)
* An authenticated attacker may execute an arbitrary OS command (CVE-2024-48895)
* An unauthenticated attacker may obtain information about devices connected through the Wi-Fi (CVE-2024-52033)
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
Vendor Information

Rakuten Mobile, Inc.
CWE (What is CWE?)

  1. Missing Authentication for Critical Function(CWE-306) [Other]
  2. Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497) [Other]
  3. OS Command Injection(CWE-78) [Other]
CVE (What is CVE?)

  1. CVE-2024-47865
  2. CVE-2024-48895
  3. CVE-2024-52033
References

  1. JVN : JVNVU#90667116
Revision History

  • [2024/11/19]
      Web page was published

Date Public2024/11/18
Date First Published2024/11/19
Date Last Updated2024/11/19