Published:2013/09/20 Last Updated:2013/09/20
JVN#43152129
SEIL Series routers vulnerable to buffer overflow
Overview
SEIL Series routers contain a buffer overflow vulnerability.
Products Affected
- SEIL/x86 1.00 to 2.81
- SEIL/X1 1.00 to 4.31
- SEIL/X2 1.00 to 4.31
- SEIL/B1 1.00 to 4.31
- SEIL/Turbo 2.05 to 2.15
- SEIL/neu 2FE Plus 2.05 to 2.15
Description
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages.
Impact
An attacker may execute an arbitrary code on the vulnerable system.
Solution
Update the Firmware
Apply the appropriate firmware update provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | vulnerable | 2013/09/20 | Internet Initiative Japan Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.09.20
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-4709 |
| JVN iPedia |
JVNDB-2013-000092 |