OS Command Injection in Inaba Denki Sangyo Wi-Fi AP UNIT
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-28392 CVE-2023-31198 CVE-2023-31196 |
| CWE-ID | CWE-78 CWE-306 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
AC-WAPU-300 Hardware solutions / Routers & switches, VoIP, GSM, etc AC-WAPU-300-P Hardware solutions / Routers & switches, VoIP, GSM, etc AC-WAPUM-300 Hardware solutions / Routers & switches, VoIP, GSM, etc AC-WAPUM-300-P Hardware solutions / Routers & switches, VoIP, GSM, etc AC-PD-WAPU Hardware solutions / Routers & switches, VoIP, GSM, etc AC-PD-WAPUM Hardware solutions / Routers & switches, VoIP, GSM, etc AC-PD-WAPU-P Hardware solutions / Routers & switches, VoIP, GSM, etc AC-PD-WAPUM-P Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | INABA DENKI SANGYO |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated 09.06.2023
Added vulnerabilities #2-3
1) OS Command Injection
EUVDB-ID: #VU76161
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28392
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAC-WAPU-300: 1.00_B07
AC-WAPU-300-P: 1.00_B08P
AC-WAPUM-300: 1.00_B07
AC-WAPUM-300-P: 1.00_B08P
CPE2.3- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:1.00_B07:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300-p:1.00_B08P:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300:1.00_B07:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300-p:1.00_B08P:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU98968780/index.html
https://www.inaba.co.jp/abaniact/news/Wi-Fi%20AP%20UNIT%E3%80%8CAC-WAPU-300%E3%80%8D%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8BOS%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%82%A4%E3%83%B3%E3%82%B8%E3%82%A7%E3%82%AF%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU77122
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31198
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAC-PD-WAPU: 1.05_B04
AC-PD-WAPUM: 1.05_B04
AC-PD-WAPU-P: 1.05_B04P
AC-PD-WAPUM-P: 1.05_B04P
AC-WAPU-300: 1.00_B07
AC-WAPUM-300: 1.00_B07
AC-WAPU-300-P: 1.00_B08P
AC-WAPUM-300-P: 1.00_B08P
CPE2.3- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu:1.05_B04:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum:1.05_B04:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu-p:1.05_B04P:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum-p:1.05_B04P:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:1.00_B07:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300-p:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN28412757/index.html
https://www.inaba.co.jp/abaniact/news/Wi-Fi_AP_UNIT%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8B%E8%A4%87%E6%...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing Authentication for Critical Function
EUVDB-ID: #VU77121
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-31196
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A remote attacker can obtain sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAC-PD-WAPU: 1.05_B04
AC-PD-WAPUM: 1.05_B04
AC-PD-WAPU-P: 1.05_B04P
AC-PD-WAPUM-P: 1.05_B04P
AC-WAPU-300: 1.00_B07
AC-WAPUM-300: 1.00_B07
AC-WAPU-300-P: 1.00_B08P
AC-WAPUM-300-P: 1.00_B08P
CPE2.3- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu:1.05_B04:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum:1.05_B04:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapu-p:1.05_B04P:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-pd-wapum-p:1.05_B04P:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300:1.00_B07:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapu-300-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:inaba_denki_sangyo:ac-wapum-300-p:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN28412757/index.html
https://www.inaba.co.jp/abaniact/news/Wi-Fi_AP_UNIT%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8B%E8%A4%87%E6%95%B0%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
