Published: 2018/03/09  Last Updated: 2018/03/09

JVN#15201064
Multiple vulnerabilities in CG-WGR1200

Overview

CG-WGR1200 provided by Corega Inc contains multiple vulnerabilities.

Products Affected

  • CG-WGR1200 firmware 2.20 and earlier

Description

CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below.

  • Buffer Overflow (CWE-119) - CVE-2017-10852
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
  • OS Command Injection (CWE-78) - CVE-2017-10853
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
  • Authentication bypass (CWE-306) - CVE-2017-10854
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8

Impact

  • A user with access to the affected device may execute arbitrary code - CVE-2017-10852
  • A user with access to the affected device may execute an arbitrary command - CVE-2017-10853
  • A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854

Solution

Do not use CG-WGR1200
Stop using CG-WGR1200. According to the developer, there is no plan to provide a fix for these vulnerabilities since CG-WGR1200 is no longer supported.

Apply a Workaround
CG-WGR1200 is no longer supported, and there is no plan to provide fixes for these vulnerabilities. However, if you continue to use the device, apply the following workarounds to mitigate the impact of these vulnerabilities.

  • Disable the remote connection function to prevent an attacker's remote access to the device
  • Prevent unauthorized access from inside the LAN to the device

Credit

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2017-10852, CVE-2017-10853, CVE-2017-10854
JVN iPedia: JVNDB-2018-000024

Update History

2018/03/09
CWE link under the section [Description] was corrected.