JVN#50775659: CG-WLBARAGM may behave as an open proxy

Overview

CG-WLBARAGM contains an issue where it may behave as an open proxy.

Products Affected

CG-WLBARAGM

Description

CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy.

Impact

The device may be leveraged as a proxy server to conduct cyber attacks.

Solution

Apply a Workaround
The following workaround may mitigate the affects of this issue.

Disable contents filtering

Vendor Status

Vendor	Link
Corega Inc	About the issue that may behave as an open proxy

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Base Score: 5.8

Attack Vector(AV)	Physical (P)	Local (L)	Adjacent (A)	Network (N)
Attack Complexity(AC)	High (H)	Low (L)
Privileges Required(PR)	High (H)	Low (L)	None (N)
User Interaction(UI)	Required (R)	None (N)
Scope(S)	Unchanged (U)	Changed (C)
Confidentiality Impact(C)	None (N)	Low (L)	High (H)
Integrity Impact(I)	None (N)	Low (L)	High (H)
Availability Impact(A)	None (N)	Low (L)	High (H)

CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score: 5.0

Access Vector(AV)	Local (L)	Adjacent Network (A)	Network (N)
Access Complexity(AC)	High (H)	Medium (M)	Low (L)
Authentication(Au)	Multiple (M)	Single (S)	None (N)
Confidentiality Impact(C)	None (N)	Partial (P)	Complete (C)
Integrity Impact(I)	None (N)	Partial (P)	Complete (C)
Availability Impact(A)	None (N)	Partial (P)	Complete (C)

Credit

Akihiro Nakajima of NTT Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2015-7793
JVN iPedia	JVNDB-2015-000202

JVN#50775659 CG-WLBARAGM may behave as an open proxy