Published:2017/07/20 Last Updated:2017/07/20
JVN#48823557
Multiple Buffalo wireless LAN access point devices do not properly perform authentication
Overview
Multiple wireless LAN access point devices provided by BUFFALO INC. do not properly perform authentication.
Products Affected
- WAPM-1166D firmware Ver.1.2.7 and earlier
- WAPM-APG600H firmware Ver.1.16.1 and earlier
Description
WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication (CWE-287).
Impact
An attacker who can access the device may log in via telnet without authentication and access the configuration interface of the device.
Solution
Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| BUFFALO INC. | Vulnerable | 2017/07/20 | BUFFALO INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score:
9.8
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
CVSS v2
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score:
10.0
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2017-2126 |
| JVN iPedia |
JVNDB-2017-000179 |
Update History
- 2017/07/20
- Fixed CVSS v2 score under the section [Vulnerability Analysis by JPCERT/CC]