Published: 2024/11/12 Last Updated: 2024/11/25
JVNVU#90676195
Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B
Overview
Mesh Wi-Fi router RP562B provided by SoftBank Corp. contains multiple vulnerabilities.
Products Affected
- Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier
Description
Mesh Wi-Fi router RP562B provided by SoftBank Corp. contains multiple vulnerabilities listed below.
- Active debug code (CWE-489)
  - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score 4.6
  - CVE-2024-29075
- OS command injection (CWE-78)
  - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  - CVE-2024-45827
- Exposure of sensitive system information to an unauthorized control sphere (CWE-497)
  - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 3.5
  - CVE-2024-47799
Impact
- An authenticated attacker may obtain or alter the settings of the device (CVE-2024-29075)
- An authenticated attacker may execute an arbitrary OS command (CVE-2024-45827)
- An authenticated attacker may obtain information about devices connected through the Wi-Fi (CVE-2024-47799)
Solution
Update the firmware
According to the developer, the firmware that fixes these vulnerabilities is applied automatically.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
- CVE: CVE-2024-29075, CVE-2024-45827, CVE-2024-47799
Update History
- 2024/11/25: Information under the section [Description] was updated