Published: May 25, 2012
Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) has issued a security alert concerning security vulnerability in the LAN-W300N/R series products on May 25, 2012. To fix this vulnerability, update the firmware to the latest version.
The LAN-W300N/R series produced by Logitec Corporation have a vulnerability where a remote attacker may gain access to the administration tool due to a flaw in access control. If exploited, there is a possibility that a remote attacker can log in the product as the administrator, view and change the configuration.
Get the fixed version at the following URL and update the firmware.
For the latest information, refer to the following URL:
In line with the Information Security Early Warning Partnership, the IPA received a report concerning this vulnerability through the creditee below, and the JPCERT Coordination Center (JPCERT/CC) made adjustments to clarify the matter with the product developer and made it public on May 25, 2012.
|IT Security Center,
Information-technology Promotion Agency, Japan
An attacker may gain access to the administrator tool of the LAN-W300N/R series from WAN. As a result, there is a possibility that the attacker can log in the product as the administrator, view and change the configuration.
To fix this vulnerability, update the firmware to the latest version.
(CVSS base score)
|CVSS base score||
|AV:Access Vector||□ Local||□ Adjacent
|AC:Access Complexity||□ High||□ Medium||■ Low|
|Au:Authentication||□ Multiple||□ Single||■ None|
|C:Confidentiality Impact||□ None||■ Partial||□ Complete|
|I:Integrity Impact||□ None||■ Partial||□ Complete|
|A:Availability Impact||□ None||■ Partial||□ Complete|
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)