JVNDB-2025-014104
|
Multiple vulnerabilities in I-O DATA wireless LAN routers
|
Wireless LAN routers provided by I-O DATA DEVICE, INC. contain the multiple vulnerabilities listed below.
* Hidden functionality (CWE-912) - CVE-2025-55075
* OS command injection (CWE-78) - CVE-2025-58116
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 7.2 (High) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned to CVE-2025-58116.
|
CVSS V3 Severity: Base Metrics 4.9 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-55075.
|
|
I-O DATA DEVICE, INC.
- WN-7D36QR firmware Ver.1.1.3 and prior versions
- WN-7D36QR/UE firmware Ver.1.1.3 and prior versions
|
|
* SSH may be enabled by a remote authenticated attacker (CVE-2025-55075)
* An arbitrary OS command may be executed by a remote authenticated attacker (CVE-2025-58116)
|
[Update the Firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following version that addresses these vulnerabilities.
* WN-7D36QR and WN-7D36QR/UE firmware Ver.2.1.3
|
I-O DATA DEVICE, INC.
|
- OS Command Injection (CWE-78) [Other]
- Hidden Functionality (CWE-912) [Other]
|
- CVE-2025-55075
- CVE-2025-58116
|
- JVN: JVNVU#97490987
|
- [2025/09/19] Web page was published
|