Published:2023/12/06  Last Updated:2023/12/22

JVNVU#92152057
FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
Critical

Overview

Wireless LAN routers "AE1021PE" and "AE1021" provided by FXC Inc. contain an OS command injection vulnerability.

Products Affected

  • AE1021PE firmware version 2.0.9 and earlier
  • AE1021 firmware version 2.0.9 and earlier

Description

"AE1021PE" and "AE1021" provided by FXC Inc. are information outlet-based wireless LAN routers.
"AE1021PE" and "AE1021" contain an OS command injection vulnerability (CWE-78).

JPCERT/CC has confirmed the communication which exploits this vulnerability.

Impact

An arbitrary OS command may be executed by an attacker who can log in to the product.

Solution

Update the Firmware and Apply the appropriate settings
The developer has released firmware 2.0.10 that addresses this vulnerability.
Update the firmware to 2.0.10, and apply the the following settings.

  • Reset "Factory setting" and change the default management screen login password
For more information, refer to the information provided by the developer.

Vendor Status

Vendor Link
FXC Inc. "Notice of release of firmware Ver2.0.10 for AE1021/AE1021PE" (Text in Japanese)

References

  1. Actively Exploited Vulnerability in FXC Routers: Fixed, Patches Available
  2. ICS Advisory | ICSA-23-355-01
    FXC AE1021/AE1021PE

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.0
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)

Credit

Ryu Kuki, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
And almost at the same time, The Akamai SIRT reported this vulnerability to CISA. JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-49897
JVN iPedia

Update History

2023/12/22
Information under the section [References] was updated.