CVE-2023-45194: Multiple vulnerabilities in Micro Research MR-GM series

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

Published: 2023/10/10 Last Updated: 2023/10/10

Overview

MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities.

Products Affected

All MR-GM2/MR-GM3 models equipped with wireless LAN functionality are affected by these vulnerabilities.

  • MR-GM2 firmware Ver. 3.00.03 and earlier
  • MR-GM3 series (MR-GM3-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier

MR-GM3L series is not affected by these vulnerabilities.

Description

MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities listed below.

  • Out-of-bounds write (CWE-787) - CVE-2021-35392, CVE-2021-35393

    CVSS v3

    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Base Score: 4.3

  • Use of default credentials (CWE-1392) - CVE-2023-45194

    CVSS v3

    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

    Base Score: 6.1

Impact

  • When the WPS function of the product is enabled, an attacker who has access to the product may cause the WPS function to fall into a denial-of-service (DoS) condition - CVE-2021-35392, CVE-2021-35393
  • When the product performs wireless LAN communication without changing the pre-shared key from the factory-default configuration, the communication can be intercepted by an attacker - CVE-2023-45194

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

References

  1. Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)

Credit

CVE-2021-35392, CVE-2021-35393
Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported that these old vulnerabilities remain in the product.
JPCERT/CC coordinated with the developer.

CVE-2023-45194
Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
