Published:2012/06/06 Last Updated:2012/06/06
JVN#24646833
SEIL series fail to restrict access permissions
Overview
SEIL series contain an issue where access permissions are not restricted.
Products Affected
- SEIL/x86 firmware 1.00 to 2.35
- SEIL/X1 firmware 2.30 to 3.75
- SEIL/X2 firmware 2.30 to 3.75
- SEIL/B1 firmware 2.30 to 3.75
Description
SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted.
Impact
An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL filter.
Solution
Update the Software
Update to the latest version of the firmware provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | vulnerable | 2012/06/06 | Internet Initiative Japan Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2012.06.06
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | must be attacked from a local segment, such as Ethernet, Bluetooth, and 802.11 attacks |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2012-2632 |
| JVN iPedia |
JVNDB-2012-000059 |