cvelistv5 - CVE-2022-29525

CVE-2022-29525 (GCVE-0-2022-29525)

Vulnerability from cvelistv5

Published

2022-06-13 04:50

Modified

2024-08-03 06:26

Severity ?

CWE

Use of Hard-coded credentials

Summary

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

References

URL

	Vendor	Product	Version
	Rakuten Mobile, Inc.	Rakuten Casa	Version: version AP_F_V1_4_1 or AP_F_V2_0_0

fkie_cve-2022-29525

Vulnerability from fkie_nvd

Published

2022-06-13 05:15

Modified

2024-11-21 06:59

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN46892984/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://network.mobile.rakuten.co.jp/information/news/product/1033/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN46892984/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://network.mobile.rakuten.co.jp/information/news/product/1033/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	rakuten	casa	ap_f_v1_4_1
	rakuten	casa	ap_f_v2_0_0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rakuten:casa:ap_f_v1_4_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FD3B2B-54E6-4B63-982C-D993BF58885A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rakuten:casa:ap_f_v2_0_0:*:*:*:*:*:*:*",
              "matchCriteriaId": "954CEA14-FC4C-438C-B71B-8516C47D71DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
    },
    {
      "lang": "es",
      "value": "Rakuten Casa versiones AP_F_V1_4_1 o AP_F_V2_0_0, usa una credencial embebida que puede permitir a un atacante remoto no autenticado iniciar sesi\u00f3n con el privilegio de root y llevar a cabo una operaci\u00f3n arbitraria"
    }
  ],
  "id": "CVE-2022-29525",
  "lastModified": "2024-11-21T06:59:15.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-13T05:15:11.313",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-29525

Vulnerability from jvndb

Published

2022-05-19 15:13

Modified

2024-06-18 12:09

Severity ?

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Multiple vulnerabilities in Rakuten Casa

Details

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 * Improper Access Control (CWE-284) - CVE-2022-28704 * Improper Access Control (CWE-284) - CVE-2022-26834 CVE-2022-29525 Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-28704 Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-26834 Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN46892984/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-29525
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-28704
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-26834
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26834
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28704
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29525
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Rakuten Mobile, Inc.

Rakuten Casa

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
  "dc:date": "2024-06-18T12:09+09:00",
  "dcterms:issued": "2022-05-19T15:13+09:00",
  "dcterms:modified": "2024-06-18T12:09+09:00",
  "description": "Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 \r\n* Improper Access Control (CWE-284) - CVE-2022-28704\r\n* Improper Access Control (CWE-284) - CVE-2022-26834\r\n\r\nCVE-2022-29525\r\nNarumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-28704\r\nHiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-26834\r\nTagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
  "sec:cpe": {
    "#text": "cpe:/a:rakuten:casa",
    "@product": "Rakuten Casa",
    "@vendor": "Rakuten Mobile, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000036",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN46892984/index.html",
      "@id": "JVN#46892984",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29525",
      "@id": "CVE-2022-29525",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-28704",
      "@id": "CVE-2022-28704",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-26834",
      "@id": "CVE-2022-26834",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26834",
      "@id": "CVE-2022-26834",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28704",
      "@id": "CVE-2022-28704",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29525",
      "@id": "CVE-2022-29525",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Rakuten Casa"
}

ghsa-p4rr-qwvg-x2jf

Vulnerability from github

Published

2022-06-14 00:00

Modified

2022-06-23 00:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-13T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.",
  "id": "GHSA-p4rr-qwvg-x2jf",
  "modified": "2022-06-23T00:00:34Z",
  "published": "2022-06-14T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29525"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
    },
    {
      "type": "WEB",
      "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2022-29525

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

Aliases

CVE-2022-29525

Aliases

CVE-2022-29525

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29525",
    "description": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.",
    "id": "GSD-2022-29525"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29525"
      ],
      "details": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.",
      "id": "GSD-2022-29525",
      "modified": "2023-12-13T01:19:42.112423Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-29525",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Rakuten Casa",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rakuten Mobile, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use of Hard-coded credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
            "refsource": "MISC",
            "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rakuten:casa:ap_f_v2_0_0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rakuten:casa:ap_f_v1_4_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29525"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            },
            {
              "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-22T14:44Z",
      "publishedDate": "2022-06-13T05:15Z"
    }
  }
}

var-202205-1606

Vulnerability from variot

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. Provided by Rakuten Mobile, Inc. Rakuten Casa There are multiple vulnerabilities in the following: - Use of hardcoded credentials (CWE-798) - CVE-2022-29525 - Inadequate access restrictions (CWE-284) - CVE-2022-28704 - Inadequate access restrictions (CWE-284) - CVE-2022-26834CVE-2022-29525 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Rack Co., Ltd. Hirai Narumi Mr CVE-2022-28704 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Oshiro Yuki Mr. Tagawa Maki Mr CVE-2022-26834 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Tagawa Maki MrThe expected impact varies depending on the vulnerability, but the following impacts may occur: - A third party who has access to information about the affected product's case may root The user can log in with the appropriate permissions and perform any operation. - CVE-2022-29525 ・Initial settings WAN From the side SSH If your computer is set to accept connections and you are connected to the Internet without changing the authentication information from the default settings, root The user can log in with the appropriate permissions and perform any operation. - CVE-2022-28704 ・Initial settings WAN From the side HTTP The device is ready to accept connections, and internal information about the device can be obtained. - CVE-2022-26834. Rakuten Mobile Rakuten Casa is a small base station of Rakuten Mobile in Japan. Used to improve radio wave conditions for users.

Rakuten Mobile Rakuten Casa AP_F_V2_0_0 and AP_F_V1_4_1 versions have a trust management issue vulnerability, which is caused by hard-coded credentials in the application code. An unauthenticated remote attacker could exploit this vulnerability to gain full access to a vulnerable system using hard-coded credentials

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1606",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "casa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rakuten",
        "version": "ap_f_v1_4_1"
      },
      {
        "model": "casa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rakuten",
        "version": "ap_f_v2_0_0"
      },
      {
        "model": "rakuten casa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u697d\u5929\u30e2\u30d0\u30a4\u30eb\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "rakuten casa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u697d\u5929\u30e2\u30d0\u30a4\u30eb\u682a\u5f0f\u4f1a\u793e",
        "version": "ap_f_v1_4_1  or  ap_f_v2_0_0"
      },
      {
        "model": "mobile rakuten casa ap f v2 0 0",
        "scope": null,
        "trust": 0.6,
        "vendor": "rakuten",
        "version": null
      },
      {
        "model": "mobile rakuten casa ap f v1 4 1",
        "scope": null,
        "trust": 0.6,
        "vendor": "rakuten",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "cve": "CVE-2022-29525",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-29525",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 7.1,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-000036",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-77817",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-29525",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-000036",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-29525",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-77817",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-3823",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. Provided by Rakuten Mobile, Inc. Rakuten Casa There are multiple vulnerabilities in the following: - Use of hardcoded credentials (CWE-798) - CVE-2022-29525 - Inadequate access restrictions (CWE-284) - CVE-2022-28704 - Inadequate access restrictions (CWE-284) - CVE-2022-26834CVE-2022-29525 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Rack Co., Ltd. Hirai Narumi Mr CVE-2022-28704 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Oshiro Yuki Mr. Tagawa Maki Mr CVE-2022-26834 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Tagawa Maki MrThe expected impact varies depending on the vulnerability, but the following impacts may occur: - A third party who has access to information about the affected product\u0027s case may root The user can log in with the appropriate permissions and perform any operation. - CVE-2022-29525 \u30fbInitial settings WAN From the side SSH If your computer is set to accept connections and you are connected to the Internet without changing the authentication information from the default settings, root The user can log in with the appropriate permissions and perform any operation. - CVE-2022-28704 \u30fbInitial settings WAN From the side HTTP The device is ready to accept connections, and internal information about the device can be obtained. - CVE-2022-26834. Rakuten Mobile Rakuten Casa is a small base station of Rakuten Mobile in Japan. Used to improve radio wave conditions for users. \n\r\n\r\nRakuten Mobile Rakuten Casa AP_F_V2_0_0 and AP_F_V1_4_1 versions have a trust management issue vulnerability, which is caused by hard-coded credentials in the application code. An unauthenticated remote attacker could exploit this vulnerability to gain full access to a vulnerable system using hard-coded credentials",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29525"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-29525",
        "trust": 3.9
      },
      {
        "db": "JVN",
        "id": "JVN46892984",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036",
        "trust": 1.4
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051910",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29525",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "id": "VAR-202205-1606",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:32:26.599000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u3010important\u3011 Rakuten\u00a0Casa Software update information",
        "trust": 0.8,
        "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
      },
      {
        "title": "Patch for Rakuten Mobile Rakuten Casa Trust Management Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/349126"
      },
      {
        "title": "Rakuten Mobile Rakuten Casa Repair measures for trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197082"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Authorization / authority / access control (CWE-264) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/jp/jvn46892984/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
      },
      {
        "trust": 1.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051910"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn46892984/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26834"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28704"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29525"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-29525/"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000036.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "date": "2022-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29525"
      },
      {
        "date": "2022-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "date": "2022-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "date": "2022-06-13T05:15:11.313000",
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "date": "2022-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29525"
      },
      {
        "date": "2024-06-18T03:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-000036"
      },
      {
        "date": "2022-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      },
      {
        "date": "2024-11-21T06:59:15.457000",
        "db": "NVD",
        "id": "CVE-2022-29525"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rakuten Mobile Rakuten Casa Trust Management Issue Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-77817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3823"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-29525 (GCVE-0-2022-29525)

Vulnerability from cvelistv5

fkie_cve-2022-29525

Vulnerability from fkie_nvd

CVE-2022-29525

Vulnerability from jvndb

ghsa-p4rr-qwvg-x2jf

Vulnerability from github

gsd-2022-29525

Vulnerability from gsd

var-202205-1606

Vulnerability from variot

Tags

Sightings

Nomenclature