Search criteria
7 vulnerabilities by Rakuten Mobile, Inc.
CVE-2024-47865 (GCVE-0-2024-47865)
Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
VLAI?
Summary
Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Turbo 5G |
Affected:
V1.3.18 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "turbo_5g_firmware",
"vendor": "rakuten",
"versions": [
{
"lessThanOrEqual": "1.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:00:21.866202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:16:26.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Turbo 5G",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "V1.3.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T07:30:35.780Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90667116/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47865",
"datePublished": "2024-11-20T07:30:35.780Z",
"dateReserved": "2024-11-05T02:54:11.800Z",
"dateUpdated": "2024-11-20T15:16:26.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48895 (GCVE-0-2024-48895)
Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
VLAI?
Summary
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Turbo 5G |
Affected:
V1.3.18 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "turbo_5g_firmware",
"vendor": "rakuten",
"versions": [
{
"lessThanOrEqual": "1.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:00:28.074293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:16:26.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Turbo 5G",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "V1.3.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T07:30:10.357Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90667116/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-48895",
"datePublished": "2024-11-20T07:30:10.357Z",
"dateReserved": "2024-11-05T02:54:12.661Z",
"dateUpdated": "2024-11-20T15:16:26.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52033 (GCVE-0-2024-52033)
Vulnerability from cvelistv5 – Published: 2024-11-20 07:29 – Updated: 2024-11-20 15:05
VLAI?
Summary
Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
Severity ?
5.3 (Medium)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Turbo 5G |
Affected:
V1.3.18 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "turbo_5g_firmware",
"vendor": "rakuten",
"versions": [
{
"lessThanOrEqual": "1.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:00:34.400424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:05:53.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Turbo 5G",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "V1.3.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T07:29:44.727Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90667116/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-52033",
"datePublished": "2024-11-20T07:29:44.727Z",
"dateReserved": "2024-11-05T02:54:13.731Z",
"dateUpdated": "2024-11-20T15:05:53.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40282 (GCVE-0-2023-40282)
Vulnerability from cvelistv5 – Published: 2023-08-23 03:16 – Updated: 2025-07-01 14:01 Unsupported When Assigned
VLAI?
Summary
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.
Severity ?
5.4 (Medium)
CWE
- Improper authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten WiFi Pocket |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55217369/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-40282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T03:09:42.399512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:01:12.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rakuten WiFi Pocket",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product\u0027s Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T03:16:56.417Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
},
{
"url": "https://jvn.jp/en/jp/JVN55217369/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-40282",
"datePublished": "2023-08-23T03:16:56.417Z",
"dateReserved": "2023-08-14T01:52:11.134Z",
"dateUpdated": "2025-07-01T14:01:12.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29525 (GCVE-0-2022-29525)
Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:26
VLAI?
Summary
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Casa |
Affected:
version AP_F_V1_4_1 or AP_F_V2_0_0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Casa",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T04:50:33",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuten Casa",
"version": {
"version_data": [
{
"version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
}
]
},
"vendor_name": "Rakuten Mobile, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
"refsource": "MISC",
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"name": "https://jvn.jp/en/jp/JVN46892984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29525",
"datePublished": "2022-06-13T04:50:33",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28704 (GCVE-0-2022-28704)
Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:03
VLAI?
Summary
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Casa |
Affected:
version AP_F_V1_4_1 or AP_F_V2_0_0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Casa",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T04:50:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuten Casa",
"version": {
"version_data": [
{
"version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
}
]
},
"vendor_name": "Rakuten Mobile, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
"refsource": "MISC",
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"name": "https://jvn.jp/en/jp/JVN46892984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28704",
"datePublished": "2022-06-13T04:50:32",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26834 (GCVE-0-2022-26834)
Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 05:11
VLAI?
Summary
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rakuten Mobile, Inc. | Rakuten Casa |
Affected:
version AP_F_V1_4_1 or AP_F_V2_0_0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Casa",
"vendor": "Rakuten Mobile, Inc.",
"versions": [
{
"status": "affected",
"version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T04:50:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuten Casa",
"version": {
"version_data": [
{
"version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
}
]
}
}
]
},
"vendor_name": "Rakuten Mobile, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
"refsource": "MISC",
"url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
},
{
"name": "https://jvn.jp/en/jp/JVN46892984/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46892984/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26834",
"datePublished": "2022-06-13T04:50:27",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-08-03T05:11:44.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}