Published:2022/05/19  Last Updated:2022/05/19

JVN#46892984
Multiple vulnerabilities in Rakuten Casa

Overview

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities.

Products Affected

  • Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0

Description

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.

  • Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 5.9
    CVSS v2 AV:N/AC:M/Au:N/C:C/I:N/A:N Base Score: 7.1
  • Improper Access Control (CWE-284) - CVE-2022-28704
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5
    CVSS v2 V:N/AC:L/Au:N/C:C/I:N/A:N Base Score: 7.8
  • Improper Access Control (CWE-284) - CVE-2022-26834
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:C/I:N/A:N Base Score: 7.8

Impact

  • An attacker who can obtain information about the product housing may log in with the root privileges and perform arbitrary operations - CVE-2022-29525
  • If the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings, a remote attacker may log in with the root privileges and perform arbitrary operations - CVE-2022-28704
  • The information stored in the product may be obtained as the product is set to accept HTTP connections from the WAN side by default - CVE-2022-26834

Solution

Update the software
According to the developer, the fixed software for these vulnerabilities has been released in August 2021, and in the case where the product housing is properly set in accordance with Terms of Installation, the update is applied automatically.

Vendor Status

Vendor Status Last Update Vendor Notes
Rakuten Mobile, Inc. Vulnerable 2022/05/19 Rakuten Mobile, Inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2022-29525
Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-28704
Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-26834
Tagawa, Masaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2022-29525
CVE-2022-28704
CVE-2022-26834
JVN iPedia JVNDB-2022-000036