CVE-2023-31198: Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Published:2023/06/09 Last Updated:2023/06/09

Overview

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities.

Products Affected

• AC-PD-WAPU v1.05_B04 and earlier
• AC-PD-WAPUM v1.05_B04 and earlier
• AC-PD-WAPU-P v1.05_B04P and earlier
• AC-PD-WAPUM-P v1.05_B04P and earlier
• AC-WAPU-300 v1.00_B07 and earlier
• AC-WAPUM-300 v1.00_B07 and earlier
• AC-WAPU-300-P v1.00_B07 and earlier
• AC-WAPUM-300-P v1.00_B07 and earlier

Description

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.

• Missing authentication for critical function (CWE-306) - CVE-2023-31196

  CVSS v3

  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  Base Score: 7.5

  CVSS v2

  AV:N/AC:L/Au:N/C:P/I:N/A:N

  Base Score: 5.0

• OS command injection (CWE-78) - CVE-2023-31198

  CVSS v3

  CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  Base Score: 7.2

  CVSS v2

  AV:N/AC:L/Au:S/C:P/I:P/A:P

  Base Score: 6.5

• OS command injection (CWE-78) - CVE-2023-28392

  CVSS v3

  CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  Base Score: 7.2

  CVSS v2

  AV:N/AC:L/Au:S/C:P/I:P/A:P

  Base Score: 6.5

Impact

• A remote attacker may obtain sensitive information of the affected products - CVE-2023-31196
• An arbitrary OS command may be executed if a remote authenticated attacker with an administrative privilege sends a specially crafted request - CVE-2023-31198
• An arbitrary OS command may be executed by an authenticated user with the administrative privilege - CVE-2023-28392

Solution

Apply the workaround
The developer states that these products are no longer supported, therefore recommends users to apply the following workarounds to mitigate the impacts of these vulnerabilities.

• Change the initial configuration values
  • Change IP address
• Change device operation settings
  • Prohibit access from WAN/Wireless interface (Only allow access through the front LAN port)
• Change filtering configuration
  • Set the MAC address of the client to allow wireless connection
  • Configure VPN, IP filters, etc. to restrict connections from the client
• Additional mitigation guidance/practices
  • Setup a firewall and run the product behind it
  • Do not access to other websites while logged into the setting page of the product
  • Close the web browser after finishing the operation in the setting page
  • Delete the password for the setting page saved in the web browser

Vendor Status

References

1. Japan Vulnerability Notes JVNVU#98968780
   OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT

JPCERT/CC Addendum

Note that CVE-2023-28392 vulnerability had been reported to JPCERT/CC by the other reporter, and JPCERT/CC coordinated with the developer and published JVNVU#98968780 separately on 2023 May 16.

Vulnerability Analysis by JPCERT/CC

Credit

MASAHIRO IIDA of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information