Published:2013/09/20 Last Updated:2014/01/29
JVN#40079308
SEIL Series routers vulnerable in RADIUS authentication
Overview
SEIL Series routers contain a vulnerability in RADIUS authentication.
Products Affected
- SEIL/x86 1.00 to 2.80
- SEIL/X1 1.00 to 4.30
- SEIL/X2 1.00 to 4.30
- SEIL/B1 1.00 to 4.30
- SEIL/Turbo 1.80 to 2.15
- SEIL/neu 2FE Plus 1.80 to 2.15
Description
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers to be easily predicted.
Impact
An attacker who can intercept communication of RADIUS authentication may take over access to the services.
Solution
Update the Firmware
Apply the appropriate firmware update provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | Vulnerable | 2013/09/20 | Internet Initiative Japan Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-4708 |
| JVN iPedia |
JVNDB-2013-000091 |
Update History
- 2014/01/29
- Information under the section "Other Information" was modified.