Published:2023/10/10  Last Updated:2023/10/10

JVNVU#99039725
Multiple vulnerabilities in Micro Research MR-GM series

Overview

MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities.

Products Affected

All MR-GM2/MR-GM3 models equipped with wireless LAN functionality are affected by these vulnerabilities.

  • MR-GM2 firmware Ver. 3.00.03 and earlier
  • MR-GM3 series (MR-GM3-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier
MR-GM3L series is not affected by these vulnerabilities.

Description

MR-GM series provided by Micro Research Ltd. contains multiple vulnerabilities listed below.

  • Out-of-bounds write (CWE-787) - CVE-2021-35392, CVE-2021-35393
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 4.3
  • Use of default credentials (CWE-1392) - CVE-2023-45194
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Base Score: 6.1

Impact

  • When the WPS function of the product is enabled, the WPS function may fall into a denial-of-service (DoS) condition by an attacker who has access to the product - CVE-2021-35392, CVE-2021-35393
  • When the product performs wireless LAN communication without changing the pre-shared key from the factory-default configuration, the communication can be intercepted by an attacker - CVE-2023-45194

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
Micro Research Ltd. Vulnerability Information on MR-GM series

References

  1. Realtek_APRouter_SDK_Advisory
    Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-35392, CVE-2021-35393
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported that these old vulnerabilities remain in the product.
JPCERT/CC coordinated with the developer.

CVE-2023-45194
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-45194
JVN iPedia