Published:2023/05/09 Last Updated:2023/05/09
JVN#80476232
SR-7100VN vulnerable to privilege escalation
Overview
SR-7100VN contains a privilege escalation vulnerability.
Products Affected
- SR-7100VN firmware Ver.1.38(N) and earlier
- SR-7100VN #31 firmware Ver.1.21 and earlier
Description
SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability (CWE-268).
Impact
A user with an administrator privilege of the product may obtain administrative privileges of the OS (Operating System). As a result, an arbitrary OS command may be executed by the user.
Solution
Update the Firmware
Update the firmware according to the information provided by the developer.
The developer states that the vulnerability was fixed in the following versions:
- SR-7100VN firmware Ver.1.39(N)
- SR-7100VN #31 firmware Ver.1.22
Vendor Status
| Vendor | Link |
| ICOM INCORPORATED | Information about security update for SR-7100VN/SR-7100VN #31 Wireless Broadband VoIP Router (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score:
6.8
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
CVSS v2
AV:A/AC:L/Au:S/C:P/I:P/A:P
Base Score:
5.2
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
HAMANO Kiyoto of SOUM Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-28390 |
| JVN iPedia |
JVNDB-2023-000046 |