Published:2023/06/09  Last Updated:2023/06/09

JVN#28412757
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities.

Products Affected

  • AC-PD-WAPU v1.05_B04 and earlier
  • AC-PD-WAPUM v1.05_B04 and earlier
  • AC-PD-WAPU-P v1.05_B04P and earlier
  • AC-PD-WAPUM-P v1.05_B04P and earlier
  • AC-WAPU-300 v1.00_B07 and earlier
  • AC-WAPUM-300 v1.00_B07 and earlier
  • AC-WAPU-300-P v1.00_B07 and earlier
  • AC-WAPUM-300-P v1.00_B07 and earlier

Description

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.

  • Missing authentication for critical function (CWE-306) - CVE-2023-31196
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
  • OS command injection (CWE-78) - CVE-2023-31198
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 7.2
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5
  • OS command injection (CWE-78) - CVE-2023-28392
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 7.2
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5

Impact

  • A remote attacker may obtain sensitive information of the affected products - CVE-2023-31196
  • An arbitrary OS command may be executed if a remote authenticated attacker with an administrative privilege sends a specially crafted request - CVE-2023-31198
  • An arbitrary OS command may be executed by an authenticated user with the administrative privilege - CVE-2023-28392

Solution

Apply the workaround
The developer states that these products are no longer supported, therefore recommends users to apply the following workarounds to mitigate the impacts of these vulnerabilities.

  • Change the initial configuration values
    • Change IP address
  • Change device operation settings
    • Prohibit access from WAN/Wireless interface (Only allow access through the front LAN port)
  • Change filtering configuration
    • Set the MAC address of the client to allow wireless connection
    • Configure VPN, IP filters, etc. to restrict connections from the client
  • Additional mitigation guidance/practices
    • Setup a firewall and run the product behind it
    • Do not access to other websites while logged into the setting page of the product
    • Close the web browser after finishing the operation in the setting page
    • Delete the password for the setting page saved in the web browser

Vendor Status

References

  1. Japan Vulnerability Notes JVNVU#98968780
    OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT

JPCERT/CC Addendum

Note that CVE-2023-28392 vulnerability had been reported to JPCERT/CC by the other reporter, and JPCERT/CC coordinated with the developer and published JVNVU#98968780 separately on 2023 May 16.

Vulnerability Analysis by JPCERT/CC

Credit

MASAHIRO IIDA of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-31196
CVE-2023-31198
CVE-2023-28392
JVN iPedia JVNDB-2023-000059