Published:2024/10/18  Last Updated:2024/11/21

JVN#41397971
Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview

IX SYSTEM, IXG SYSTEM, and System Support Software provided by AIPHONE CO., LTD. contain multiple vulnerabilities.

Products Affected

CVE-2024-31408, CVE-2024-39290

  • IX SYSTEM
    • IX-MV firmware Ver.7.10 and earlier
    • IX-MV7-HB firmware Ver.7.10 and earlier
    • IX-MV7-HBT firmware Ver.7.10 and earlier
    • IX-MV7-HW firmware Ver.7.10 and earlier
    • IX-MV7-HWT firmware Ver.7.10 and earlier
    • IX-MV7-HW-JP firmware Ver.7.10 and earlier
    • IX-MV7-B firmware Ver.7.10 and earlier
    • IX-MV7-BT firmware Ver.7.10 and earlier
    • IX-MV7-W firmware Ver.7.10 and earlier
    • IX-MV7-WT firmware Ver.7.10 and earlier
    • IX-DA firmware Ver.7.10 and earlier
    • IX-DAU firmware Ver.7.10 and earlier
    • IX-DB firmware Ver.7.10 and earlier
    • IX-DBT firmware Ver.7.10 and earlier
    • IX-EA firmware Ver.7.10 and earlier
    • IX-EAT firmware Ver.7.10 and earlier
    • IX-EAU firmware Ver.7.10 and earlier
    • IX-DV firmware Ver.7.11 and earlier
    • IX-DVT firmware Ver.7.11 and earlier
    • IX-DVF firmware Ver.7.11 and earlier
    • IX-DVF-P firmware Ver.7.11 and earlier
    • IX-DVF-L firmware Ver.7.11 and earlier
    • IX-DVM firmware Ver.7.10 and earlier
    • IX-DU firmware Ver.7.11 and earlier
    • IX-DVF-RA firmware Ver.7.11 and earlier
    • IX-DVF-2RA firmware Ver.7.11 and earlier
    • IX-BA firmware Ver.7.10 and earlier
    • IX-BAU firmware Ver.7.10 and earlier
    • IX-BB firmware Ver.7.10 and earlier
    • IX-BBT firmware Ver.7.10 and earlier
    • IX-FA firmware Ver.7.10 and earlier
    • IX-SSA firmware Ver.7.11 and earlier
    • IX-SS-2G firmware Ver.7.10 and earlier
    • IX-SS-2GT firmware Ver.7.10 and earlier
    • IX-SS-2G-N firmware Ver.7.10 and earlier
    • IX-BU firmware Ver.7.11 and earlier
    • IX-SSA-RA firmware Ver.7.11 and earlier
    • IX-SSA-2RA firmware Ver.7.11 and earlier
    • IX-RS-B firmware Ver.7.10 and earlier
    • IX-RS-BT firmware Ver.7.10 and earlier
    • IX-RS-W firmware Ver.7.10 and earlier
    • IX-RS-WT firmware Ver.7.10 and earlier
    • IXW-MA firmware Ver.7.10 and earlier
    • IX-SPMIC firmware Ver.7.10 and earlier
  • IXG SYSTEM
    • IXG-2C7 firmware Ver.3.01 and earlier
    • IXG-2C7-L firmware Ver.3.01 and earlier
    • IXG-DM7 firmware Ver.3.00 and earlier
    • IXG-DM7-HID firmware Ver.3.00 and earlier
    • IXG-DM7-HIDA firmware Ver.3.00 and earlier
    • IXG-DM7-10K firmware Ver.3.00 and earlier
    • IXG-MK firmware Ver.3.00 and earlier
    • IXGW-GW firmware Ver.3.01 and earlier
    • IXGW-TGW firmware Ver.3.01 and earlier
    • IXGW-LC firmware Ver.3.00 and earlier
CVE-2024-45837
  • IX SYSTEM
    • IX-MV firmware Ver.7.30 and earlier
    • IX-MV7-HB firmware Ver.7.31 and earlier
    • IX-MV7-HBT firmware Ver.7.31 and earlier
    • IX-MV7-HW firmware Ver.7.31 and earlier
    • IX-MV7-HWT firmware Ver.7.31 and earlier
    • IX-MV7-HW-JP firmware Ver.7.31 and earlier
    • IX-MV7-B firmware Ver.7.31 and earlier
    • IX-MV7-BT firmware Ver.7.31 and earlier
    • IX-MV7-W firmware Ver.7.31 and earlier
    • IX-MV7-WT firmware Ver.7.31 and earlier
    • IX-DA firmware Ver.7.30 and earlier
    • IX-DAU firmware Ver.7.30 and earlier
    • IX-DB firmware Ver.7.30 and earlier
    • IX-DBT firmware Ver.7.30 and earlier
    • IX-EA firmware Ver.7.30 and earlier
    • IX-EAT firmware Ver.7.30 and earlier
    • IX-EAU firmware Ver.7.30 and earlier
    • IX-DV firmware Ver.7.30 and earlier
    • IX-DVT firmware Ver.7.30 and earlier
    • IX-DVF firmware Ver.7.30 and earlier
    • IX-DVF-P firmware Ver.7.30 and earlier
    • IX-DVF-L firmware Ver.7.30 and earlier
    • IX-DVM firmware Ver.7.30 and earlier
    • IX-DU firmware Ver.7.30 and earlier
    • IX-DVF-RA firmware Ver.7.30 and earlier
    • IX-DVF-2RA firmware Ver.7.30 and earlier
    • IX-BA firmware Ver.7.30 and earlier
    • IX-BAU firmware Ver.7.30 and earlier
    • IX-BB firmware Ver.7.30 and earlier
    • IX-BBT firmware Ver.7.30 and earlier
    • IX-FA firmware Ver.7.30 and earlier
    • IX-SSA firmware Ver.7.30 and earlier
    • IX-SS-2G firmware Ver.7.30 and earlier
    • IX-SS-2GT firmware Ver.7.30 and earlier
    • IX-SS-2G-N firmware Ver.7.30 and earlier
    • IX-BU firmware Ver.7.30 and earlier
    • IX-SSA-RA firmware Ver.7.30 and earlier
    • IX-SSA-2RA firmware Ver.7.30 and earlier
    • IX-RS-B firmware Ver.7.30 and earlier
    • IX-RS-BT firmware Ver.7.30 and earlier
    • IX-RS-W firmware Ver.7.30 and earlier
    • IX-RS-WT firmware Ver.7.30 and earlier
    • IXW-MA firmware Ver.7.30 and earlier
    • IX-SPMIC firmware Ver.7.30 and earlier
  • IXG SYSTEM
    • IXG-2C7 firmware Ver.3.01 and earlier
    • IXG-2C7-L firmware Ver.3.01 and earlier
    • IXG-DM7 firmware Ver.3.00 and earlier
    • IXG-DM7-HID firmware Ver.3.00 and earlier
    • IXG-DM7-HIDA firmware Ver.3.00 and earlier
    • IXG-DM7-10K firmware Ver.3.00 and earlier
    • IXG-MK firmware Ver.3.00 and earlier
    • IXGW-GW firmware Ver.3.01 and earlier
    • IXGW-TGW firmware Ver.3.01 and earlier
    • IXGW-LC firmware Ver.3.00 and earlier
  • System Support Software
    • IX-SupportTool Ver.10.3.0.0 and earlier
    • IXG-SupportTool Ver.5.0.2.0 and earlier
CVE-2024-47142
  • IXG SYSTEM
    • IXG-2C7 firmware Ver.2.03 and earlier
    • IXG-2C7-L firmware Ver.2.03 and earlier

Description

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System.
IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below.

  • OS command injection (CWE-78)
    • CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
    • CVE-2024-31408
  • Insufficiently protected credentials (CWE-522)
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
    • CVE-2024-39290
  • Use of hard-coded cryptographic key (CWE-321)
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 5.4
    • CVE-2024-45837
  • Insufficiently protected credentials (CWE-522)
    • CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score 5.5
    • CVE-2024-47142

Impact

  • A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request (CVE-2024-31408)
  • A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book (CVE-2024-39290)
  • A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files (CVE-2024-45837)
  • A network-adjacent authenticated attacker may perform unintended operations (CVE-2024-47142)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Vera Mens of Claroty Research - Team82 reported these vulnerabilities to AIPHONE CO., LTD. and coordinated.
After the coordination was completed, AIPHONE CO., LTD. reported this case to IPA to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-31408
CVE-2024-39290
CVE-2024-45837
CVE-2024-47142
JVN iPedia JVNDB-2024-000106

Update History

2024/11/21
The CWE for CVE-2024-47142 was updated from CWE-284 to CWE-522.