Published:2022/07/29  Last Updated:2022/07/29

JVN#17625382
Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Overview

Nintendo Wi-Fi Network Adaptor WAP-001 provided by Nintendo Co.,Ltd. contains multiple vulnerabilities.

Products Affected

  • Nintendo Wi-Fi Network Adaptor WAP-001 all versions

Description

Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below.

  • OS command injection (CWE-78) - CVE-2022-36381
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Buffer overflow (CWE-121) - CVE-2022-36293
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2

Impact

  • A user who can access the administrative page of the product may execute an arbitrary OS command - CVE-2022-36381
  • A user who can access the administrative page of the product may execute an arbitrary code - CVE-2022-36293

Solution

Stop using the product
The developer states that the product is no longer supported, therefore recommends users to stop using the product.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2022-36381
CVE-2022-36293
JVN iPedia JVNDB-2022-000056