Published:2017/06/20  Last Updated:2017/06/22

JVN#24348065
Multiple vulnerabilities in HOME SPOT CUBE2

Overview

HOME SPOT CUBE2 provided by KDDI CORPORATION contains multiple vulnerabilities.

Products Affected

  • HOME SPOT CUBE2 firmware ​V101 and earlier

Description

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below.

  • OS command injection in Clock Settings (CWE-78) - CVE-2017-2183
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Buffer overflow in WebUI (CWE-119) - CVE-2017-2184
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
  • OS command injection in WebUI (CWE-78) - CVE-2017-2185
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Improper authentication in WebUI (CWE-287) - CVE-2017-2186
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score: 6.5
    CVSS v2 AV:A/AC:L/Au:N/C:N/I:P/A:N Base Score: 3.3

Impact

The impact of each vulnerability is as follows.

  • An arbitrary OS command may be executed by an attacker who can access the management screen of the product -- CVE-2017-2183, CVE-2017-2185
  • Arbitrary code may be executed by an attacker who can access the management screen of the product -- CVE-2017-2184
  • Firmware may be altered by an attacker who can access the management screen of the product -- CVE-2017-2186

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Vendor Status

Vendor Link
KDDI CORPORATION About Firmware update for HOME SPOT CUBE2

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-2183
CVE-2017-2184
CVE-2017-2185
CVE-2017-2186
JVN iPedia JVNDB-2017-000135
JVNDB-2017-000136
JVNDB-2017-000137
JVNDB-2017-000138