Published:2023/10/10 Last Updated:2023/10/10
JVNVU#99039725
Multiple vulnerabilities in Micro Research MR-GM series
Overview
MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities.
Products Affected
All MR-GM2/MR-GM3 models equipped with wireless LAN functionality are affected by these vulnerabilities.
- MR-GM2 firmware Ver. 3.00.03 and earlier
- MR-GM3 series (MR-GM3-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier
Description
MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities listed below.
Impact
- When the WPS function of the product is enabled, the WPS function may fall into a denial-of-service (DoS) condition by an attacker who has access to the product - CVE-2021-35392, CVE-2021-35393
- When the product performs wireless LAN communication without changing the pre-shared key from the factory-default configuration, the communication can be intercepted by an attacker - CVE-2023-45194
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Micro Research Ltd. | Vulnerability Information on MR-GM series |
References
-
Realtek_APRouter_SDK_Advisory
Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2021-35392, CVE-2021-35393
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported that these old vulnerabilities remain in the product.
JPCERT/CC coordinated with the developer.
CVE-2023-45194
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-45194 |
| JVN iPedia |
|