Published: 2021/05/13  Last Updated: 2021/05/13

Information from NIPPON ANTENNA Co.,Ltd.

Vulnerability ID:JVN#13076220
Title:RFNTPS vulnerable to OS command injection

This is a statement from the vendor itself with no modification by JPCERT/CC.

■Target Product
[Product name] Terrestrial Receiving Type NTP Server [Model No.] RFNTPS [JAN Code] 4962636819751

■Extent of the impact
Although the assumed impact varies depending on the vulnerability, this product may be affected as follows.
・Third party may remotely change the settings of this product or get information from this product.
・Files are uploaded into the product and the uploaded files are executed.

■Target version
System_01000004, Web_01000004, and previous versions

■Corrective action
Please download the remediated file from our HP and follow the update procedure manual for RFNTPS to implement the firmware update.
Version of implemented security measures: System_01000005, Web_01000005 or later

Please confirm and apply the following three items after updated.
・Please change the factory password to your own setting when you start to use
this product. (Be sure to apply to augment network security.)
・Avoid using the above products on public wireless LAN (public Wi-Fi, etc.).
・If this product need to connect to external network, restrict access from the
external network by inserting broadband routers between external network and
this product.

■Contact info for Inquiries
Customer Service Center, Nippon Antenna Co., Ltd.
Telephone number: 0570-091-039 (Navi dial)
Reception hours: 9:00-12:00 and 13:00-17:30
Monday through Friday (excluding Saturdays, Sundays, public holidays, summer holidays, year-end and New Year holidays)