cvelistv5 - cve-2022-28704

CVE-2022-28704 (GCVE-0-2022-28704)

Vulnerability from cvelistv5

Published

2022-06-13 04:50

Modified

2024-08-03 06:03

Severity ?

CWE

Improper Access Control

Summary

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.

References

►

URL

Tags

	https://network.mobile.rakuten.co.jp/information/news/product/1033/	x_refsource_MISC
	https://jvn.jp/en/jp/JVN46892984/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Rakuten Mobile, Inc.	Rakuten Casa	Version: version AP_F_V1_4_1 or AP_F_V2_0_0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rakuten Casa",
          "vendor": "Rakuten Mobile, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T04:50:31",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-28704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rakuten Casa",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rakuten Mobile, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
              "refsource": "MISC",
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-28704",
    "datePublished": "2022-06-13T04:50:32",
    "dateReserved": "2022-05-13T00:00:00",
    "dateUpdated": "2024-08-03T06:03:52.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28704

Vulnerability from jvndb

Published

2022-05-19 15:13

Modified

2024-06-18 12:09

Severity ?

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Multiple vulnerabilities in Rakuten Casa

Details

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 * Improper Access Control (CWE-284) - CVE-2022-28704 * Improper Access Control (CWE-284) - CVE-2022-26834 CVE-2022-29525 Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-28704 Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-26834 Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

►

Type

URL

	JVN	http://jvn.jp/en/jp/JVN46892984/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-29525
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-28704
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-26834
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26834
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28704
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29525
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

►

Vendor

Product

Rakuten Mobile, Inc.

Rakuten Casa

Show details on JVN DB website