Published: 2024/12/13 Last Updated: 2024/12/13
JVNVU#91084137
Multiple vulnerabilities in FXC AE1021 and AE1021PE
Overview
AE1021 and AE1021PE provided by FXC Inc. contain multiple vulnerabilities.
Products Affected
- AE1021 and AE1021PE firmware versions 2.0.10 and earlier
Description
AE1021 and AE1021PE are information-outlet-type wireless LAN routers provided by FXC Inc. They contain the multiple vulnerabilities listed below.
- Weak Authentication (CWE-1390)
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
  - CVE-2024-47397
- OS Command Injection (CWE-78)
  - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
  - CVE-2024-53688
- Inclusion of Undocumented Features (CWE-1242)
  - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
  - CVE-2024-54457
Impact
- Authentication may be bypassed using a specific undocumented string (CVE-2024-47397)
- A logged-in user may execute an arbitrary OS command using a crafted HTTP request (CVE-2024-53688)
- A logged-in user may enable the telnet service (CVE-2024-54457)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
FXC Inc. | Announcement of Firmware 2.0.11 Release for AE1021/AE1021PE (Text in Japanese) |
Credit
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2024-47397, CVE-2024-53688, CVE-2024-54457 |