Headline
CVE-2022-29525: Multiple vulnerabilities in Rakuten Casa
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
Published:2022/05/19 Last Updated:2022/05/19
Overview
Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities.
Products Affected
- Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0
Description
Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.
Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525
CVSS v3
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 5.9
CVSS v2
AV:N/AC:M/Au:N/C:C/I:N/A:N
Base Score: 7.1
Improper Access Control (CWE-284) - CVE-2022-28704
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
CVSS v2
V:N/AC:L/Au:N/C:C/I:N/A:N
Base Score: 7.8
Improper Access Control (CWE-284) - CVE-2022-26834
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
CVSS v2
AV:N/AC:L/Au:N/C:C/I:N/A:N
Base Score: 7.8
Impact
- An attacker who can obtain information about the product housing may log in with the root privileges and perform arbitrary operations - CVE-2022-29525
- If the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings, a remote attacker may log in with the root privileges and perform arbitrary operations - CVE-2022-28704
- The information stored in the product may be obtained as the product is set to accept HTTP connections from the WAN side by default - CVE-2022-26834
Solution
Update the software
According to the developer, the fixed software for these vulnerabilities has been released in August 2021, and in the case where the product housing is properly set in accordance with Terms of Installation, the update is applied automatically.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2022-29525
Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-28704
Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-26834
Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information