Published: 2024/04/04  Last Updated: 2024/04/04

JVNVU#91975826
Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN router MZK-MF300N

Overview

Wireless LAN router MZK-MF300N provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities.

Products Affected

  • MZK-MF300N all firmware versions

Description

Wireless LAN router MZK-MF300N provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below.

  • Active debug code (CWE-489)
    • CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8
    • CVE-2024-30219
  • Command Injection on certain port (CWE-77)
    • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2024-30220

Impact

  • If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed (CVE-2024-30219)
  • An unauthenticated attacker may execute an arbitrary command by sending a specially crafted request to a certain port (CVE-2024-30220)

Solution

Stop using the product
According to the developer, the affected product is no longer supported. Stop using the product.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
PLANEX COMMUNICATIONS INC. | Vulnerable | 2024/04/04 |

Credit

Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2024-30219, CVE-2024-30220