Published: 2021/01/26  Last Updated: 2021/01/26

JVN#96783542
Multiple vulnerabilities in multiple LOGITEC products

Overview

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities.

Products Affected

CVE-2021-20635
  • LAN-WH450N/GR

CVE-2021-20636, CVE-2021-20637
  • LAN-W300N/PR5B

CVE-2021-20638, CVE-2021-20639, CVE-2021-20640
  • LAN-W300N/PGRB

CVE-2021-20641, CVE-2021-20642
  • LAN-W300N/RS

Description

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities listed below.

  • Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:N/A:N Base Score: 3.3
  • Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:N Base Score: 4.0
  • Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:N/A:P Base Score: 2.6
  • OS command injection (CWE-78) - CVE-2021-20638
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • OS command injection (CWE-78) - CVE-2021-20639
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Buffer overflow (CWE-119) - CVE-2021-20640
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
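To check the base scores listed above against their vector strings, here is a CVSS v3.0 base-score calculator as an added example (it is not part of the JVN advisory). The vectors and listed scores are copied from this page; the metric weights and formula are those of the CVSS v3.0 specification.

```python
# Added example (not part of the JVN advisory): recompute the CVSS v3.0 base
# scores quoted above from their vector strings. Weights and formula are from
# the CVSS v3.0 specification; Roundup uses the v3.1 integer definition, which
# gives identical results while avoiding floating-point artefacts.
import math

W = {  # metric weights; PR is keyed by scope because S:C raises L and H
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
    "PR": {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
           "C": {"N": 0.85, "L": 0.68, "H": 0.5}},
}

def roundup(x):
    """CVSS Roundup: smallest value with one decimal place that is >= x."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def base_score(vector):
    """Base score for a 'CVSS:3.0/AV:../AC:../PR:../UI:../S:../C:../I:../A:..' vector."""
    m = dict(p.split(":", 1) for p in vector.split("/")[1:])
    s = m["S"]
    iss = 1 - (1 - W["CIA"][m["C"]]) * (1 - W["CIA"][m["I"]]) * (1 - W["CIA"][m["A"]])
    impact = 6.42 * iss if s == "U" else 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["PR"][s][m["PR"]] * W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    return roundup(min((impact + expl) if s == "U" else 1.08 * (impact + expl), 10))

# Vectors and listed base scores copied from the Description section above.
ADVISORY = {
    "CVE-2021-20635": ("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 4.3),
    "CVE-2021-20636": ("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", 4.3),
    "CVE-2021-20637": ("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", 4.3),
    "CVE-2021-20638": ("CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 6.8),
}

def check_advisory():
    """Map each CVE to (computed score, listed score) so mismatches stand out."""
    return {cve: (base_score(v), listed) for cve, (v, listed) in ADVISORY.items()}

if __name__ == "__main__":
    for cve, (got, listed) in check_advisory().items():
        print(cve, got, "listed", listed, "OK" if got == listed else "MISMATCH")
```

CVE-2021-20639 and CVE-2021-20640 share the CVE-2021-20638 vector, so one entry covers all three.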

Impact

  • An attacker within wireless range of the device may recover the PIN and gain access to the network - CVE-2021-20635
  • If a user who is logged in to the device's administrative web page accesses a specially crafted URL, unintended operations such as changes to the device settings may be performed on the device - CVE-2021-20636, CVE-2021-20641
  • If a user who is logged in to the device's administrative web page accesses a specially crafted URL, a denial-of-service (DoS) condition may result - CVE-2021-20637, CVE-2021-20642
  • An attacker who can access the device's administrative web page may execute arbitrary OS commands - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640

Solution

Stop using the products
The developer states that these vulnerable products are no longer supported; therefore, stop using them.

Vendor Status

Vendor               Status      Last Update  Vendor Notes
LOGITEC CORPORATION  Vulnerable  2021/01/26   LOGITEC CORPORATION website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-20635
Takaaki Minegishi and Takeshi Okamoto of Kanagawa Institute of Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20636, CVE-2021-20637, CVE-2021-20642
Shuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20638, CVE-2021-20639, CVE-2021-20640
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20641
Shuto Imai of LAC Co., Ltd. and Atsuo Sakurai of TECHMATRIX CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE
  • CVE-2021-20635
  • CVE-2021-20636
  • CVE-2021-20637
  • CVE-2021-20638
  • CVE-2021-20639
  • CVE-2021-20640
  • CVE-2021-20641
  • CVE-2021-20642

JVN iPedia
  • JVNDB-2021-000010