Published:2022/07/29 Last Updated:2022/07/29
JVN#17625382
Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
Overview
Nintendo Wi-Fi Network Adaptor WAP-001 provided by Nintendo Co.,Ltd. contains multiple vulnerabilities.
Products Affected
- Nintendo Wi-Fi Network Adaptor WAP-001 all versions
Description
Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2022-36381
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8 CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2 - Buffer overflow (CWE-121) - CVE-2022-36293
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8 CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
Impact
- A user who can access the administrative page of the product may execute an arbitrary OS command - CVE-2022-36381
- A user who can access the administrative page of the product may execute an arbitrary code - CVE-2022-36293
Solution
Stop using the product
The developer states that the product is no longer supported, therefore recommends users to stop using the product.
Vendor Status
| Vendor | Link |
| Nintendo Co., Ltd. | Request to stop using "Nintendo Wi-Fi Network Adaptor" and "Nintendo Wi-Fi USB Connector" |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2022-36381 |
|
CVE-2022-36293 |
|
| JVN iPedia |
JVNDB-2022-000056 |