Headline
CVE-2022-36381: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
Published:2022/07/29 Last Updated:2022/07/29
Overview
Nintendo Wi-Fi Network Adaptor WAP-001 provided by Nintendo Co.,Ltd. contains multiple vulnerabilities.
Products Affected
- Nintendo Wi-Fi Network Adaptor WAP-001 all versions
Description
Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below.
OS command injection (CWE-78) - CVE-2022-36381
CVSS v3
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.8
CVSS v2
AV:A/AC:L/Au:S/C:P/I:P/A:P
Base Score: 5.2
Buffer overflow (CWE-121) - CVE-2022-36293
CVSS v3
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.8
CVSS v2
AV:A/AC:L/Au:S/C:P/I:P/A:P
Base Score: 5.2
Impact
- A user who can access the administrative page of the product may execute an arbitrary OS command - CVE-2022-36381
- A user who can access the administrative page of the product may execute an arbitrary code - CVE-2022-36293
Solution
Stop using the product
The developer states that the product is no longer supported, therefore recommends users to stop using the product.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information