JVN#36048131
Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
Overview
Multiple I-O DATA network devices that incorporate IP address setting tool "MagicalFinder" contain an OS command injection vulnerability.
Products Affected
Affected devices are as folllows.
- HDL-XR/XRW series firmware version 2.01 and earlier
- HDL-XR2U/XR2UW series firmware version 2.01 and earlier
- HDL-XV/XVW series firmware version 1.50 and earlier
- HDL-GT series firmware version 1.37 and earlier
- HDL-GTR series firmware version 1.37 and earlier
- HDL-A/AH series firmware version 1.26 and earlier
- HDL2-A/AH series firmware version 1.26 and earlier
- HDL-T series firmware version 1.12 and earlier
- HLS-C series firmware version 1.12 and earlier
- HVL-A/AT/ATA series firmware version 2.04 and earlier
- HVL-S series firmware version 1.00 and earlier
- HFAS1 series firmware version 1.40 and earlier
- WHG-NAPG/A firmware version 1.08 and earlier
- WHG-NAPG/AL firmware version 1.05 and earlier
- WHG-AC1750/A firmware version 3.00 and earlier
- WHG-AC1750/AL firmware version 1.07 and earlier
- WN-AX1167GR firmware version 3.11 and earlier
- WN-GX300GR firmware version 2.00 and earlier
- WNPR2600G firmware version 1.01 and earlier
- WNPR1750G firmware version 1.01 and earlier
- WNPR1167G firmware version 1.00 and earlier
- WNPR1167F firmware version 1.00 and earlier
- WN-AG750DGR firmware version 1.08 and earlier
- WN-G300R firmware version 1.14 and earlier
- WN-G300R3 firmware version 1.04 and earlier
- WN-AG300DGR firmware version 1.05 and earlier
- WN-AC1600DGR firmware version 2.06 and earlier
- WN-AC1167DGR firmware version 1.02 and earlier
- WN-G300EX firmware version 1.01 and earlier
- WN-AC1300EX firmware version 1.02 and earlier
- WN-AC583TRK firmware version 1.05 and earlier
- WN-AC583RK firmware version 1.06 and earlier
- WN-G300SR firmware version 1.00 and earlier
- BX-VP1 firmware version 2.01 and earlier
- GV-NTX1 firmware version 1.02.00 and earlier
- GV-NTX2 firmware version 1.02.00 and earlier
Description
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78).
Impact
An attacker who can log in the affected device may execute an arbitrary OS command.
Solution
Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| I-O DATA DEVICE, INC. | Vulnerable | 2018/02/06 | I-O DATA DEVICE, INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2018-0512 |
| JVN iPedia |
JVNDB-2018-000007 |
Update History
- 2018/02/08
- Fixed spelling error under "Description"