Published: 2023/05/16 Last Updated: 2023/06/09
JVNVU#98968780
OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT
Overview
Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability.
Products Affected
- AC-PD-WAPU v1.05_B04 and earlier
- AC-PD-WAPUM v1.05_B04 and earlier
- AC-PD-WAPU-P v1.05_B04P and earlier
- AC-PD-WAPUM-P v1.05_B04P and earlier
- AC-WAPU-300 v1.00_B07 and earlier
- AC-WAPUM-300 v1.00_B07 and earlier
- AC-WAPU-300-P v1.00_B08P and earlier
- AC-WAPUM-300-P v1.00_B08P and earlier
Description
Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability (CWE-78).
Impact
An arbitrary OS command may be executed by an authenticated user with the administrative privilege.
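To show what the CWE-78 weakness class named above looks like in a device web UI, and what the fix and a defender-side check look like, here is an added example in Python. It is not code from the Wi-Fi AP UNIT firmware and makes no claim about which page or parameter is affected in that product; the "diagnostic ping" handler, the `TARGET_RE` allow-list, the access-log format and the sample log lines are all constructed for the illustration.

```python
"""CWE-78 in a device web-UI handler: the vulnerable pattern, a hardened
replacement, and an access-log check. Added example written for this
advisory; it is not code from the Wi-Fi AP UNIT firmware, and the handler,
log format and sample log lines are constructed for the illustration."""
import re
import subprocess
from urllib.parse import parse_qs

# Allow-list for a diagnostic target: a hostname or dotted IPv4 address
TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")
# Characters that let a shell chain or substitute commands
SHELL_METACHARS = re.compile(r"[;&|`$<>()\n\r]")


def build_shell_command_unsafe(target):
    """Vulnerable pattern: the request parameter is concatenated into one
    string that the handler would pass to a shell (os.system / shell=True).
    A separator such as ';' in `target` turns the rest into a second command."""
    return "ping -c 1 " + target


def has_shell_metachars(value):
    """True when a value contains characters a shell would interpret."""
    return SHELL_METACHARS.search(value) is not None


def is_valid_target(target):
    """Allow-list check used by the hardened handler."""
    return TARGET_RE.fullmatch(target) is not None


def build_argv_safe(target):
    """Hardened: validate against the allow-list and build an argv list, so the
    value reaches ping as a single argument and no shell ever parses it."""
    if not is_valid_target(target):
        raise ValueError("target must be a hostname or IPv4 address")
    return ["ping", "-c", "1", target]


def run_ping_safe(target):
    """Execute without a shell: subprocess with a list and shell=False."""
    return subprocess.run(build_argv_safe(target), capture_output=True, text=True)


def suspicious_requests(log_lines):
    """Defender-side check over admin-UI access logs: return the lines whose
    query-string parameters carry shell metacharacters. Assumed log format
    (constructed): '<client-ip> <method> <path?query> <status>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3 or "?" not in fields[2]:
            continue
        query = fields[2].split("?", 1)[1]
        # parse_qs URL-decodes the values, so %3B is seen as ';'
        for values in parse_qs(query, keep_blank_values=True).values():
            if any(has_shell_metachars(v) for v in values):
                hits.append(line)
                break
    return hits


# Constructed sample log lines (not from any real device)
SAMPLE_LOG = [
    "192.0.2.10 GET /cgi-bin/diag.cgi?target=192.0.2.1 200",
    "192.0.2.10 GET /cgi-bin/diag.cgi?target=192.0.2.1%3Bid 200",
    "192.0.2.11 GET /cgi-bin/status.cgi 200",
]

if __name__ == "__main__":
    benign, hostile = "192.0.2.1", "192.0.2.1; id"
    print("unsafe string  :", build_shell_command_unsafe(hostile))
    print("hostile valid? :", is_valid_target(hostile))
    print("safe argv      :", build_argv_safe(benign))
    print("flagged lines  :", suspicious_requests(SAMPLE_LOG))
```

The hardened path relies on two independent controls: the allow-list rejects anything that is not a plain hostname or address, and the argv form means that even a value which slipped past validation would be delivered to `ping` as data rather than parsed by a shell. The log check is the kind of retrospective review that is useful on a device which, as the advisory notes, will receive no firmware fix.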
Solution
Apply the workaround
The developer states that these products are no longer supported and recommends the following mitigations.
- Change the initial configuration values
  - Change the IP address
  - Change the device operation settings
  - Prohibit access to the web UI (the setting page) from the WAN and wireless interfaces (allow access only through the front LAN port)
- Change the filtering configuration
  - Register the MAC addresses of the clients that are allowed to connect wirelessly
  - Configure a VPN, IP filters, etc. to restrict connections from clients
- Other Cautions
  - Set up a firewall and run the product behind it
  - Do not access other websites while logged into the setting page of the product
  - Close the web browser after finishing operations in the setting page
  - Delete the password for the setting page saved in the web browser
Vendor Status
Vendor | Link |
---|---|
Inaba Denki Sangyo Co., Ltd. | OS command injection vulnerability in Wi-Fi AP UNIT (PDF, text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 7.2
Metric | Value |
---|---|
Attack Vector (AV) | Network (N) |
Attack Complexity (AC) | Low (L) |
Privileges Required (PR) | High (H) |
User Interaction (UI) | None (N) |
Scope (S) | Unchanged (U) |
Confidentiality Impact (C) | High (H) |
Integrity Impact (I) | High (H) |
Availability Impact (A) | High (H) |
CVSS v2
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score: 6.5
Metric | Value |
---|---|
Access Vector (AV) | Network (N) |
Access Complexity (AC) | Low (L) |
Authentication (Au) | Single (S) |
Confidentiality Impact (C) | Partial (P) |
Integrity Impact (I) | Partial (P) |
Availability Impact (A) | Partial (P) |
Credit
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
Item | Reference |
---|---|
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2023-28392 |
JVN iPedia | |
Update History
- 2023/06/09
  - Information under the sections [Products Affected], [Impact], [Solution] and [Vendor Status] was updated