Published:2013/09/20  Last Updated:2014/01/29

JVN#40079308
SEIL Series routers vulnerable in RADIUS authentication

Overview

SEIL Series routers contain a vulnerability in RADIUS authentication.

Products Affected

  • SEIL/x86 1.00 to 2.80
  • SEIL/X1 1.00 to 4.30
  • SEIL/X2 1.00 to 4.30
  • SEIL/B1 1.00 to 4.30
  • SEIL/Turbo 1.80 to 2.15
  • SEIL/neu 2FE Plus 1.80 to 2.15

Description

The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers to be easily predicted.

Impact

An attacker who can intercept communication of RADIUS authentication may take over access to the services.

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Internet Initiative Japan Inc. Vulnerable 2013/09/20 Internet Initiative Japan Inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2013-4708
JVN iPedia JVNDB-2013-000091

Update History

2014/01/29
Information under the section "Other Information" was modified.