IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in LAN-W300N/R Series

Published: May 25, 2012

The Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert on May 25, 2012 concerning a security vulnerability in the LAN-W300N/R series products. To fix this vulnerability, update the firmware to the latest version.

1.Overview

The LAN-W300N/R series produced by Logitec Corporation has a vulnerability that may allow a remote attacker to gain access to the administration tool due to a flaw in access control. If exploited, a remote attacker may be able to log in to the product as the administrator and view and change the configuration.

Get the fixed version at the following URL and update the firmware.
http://www.logitec.co.jp/info/2012/0516.html (Japanese)
For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051

In line with the Information Security Early Warning Partnership, the IPA received a report concerning this vulnerability from those credited below, and the JPCERT Coordination Center (JPCERT/CC) coordinated with the product developer to clarify the matter and made it public on May 25, 2012.

Credit: Jin Sawada,
Keisuke Okazaki,
Naoto Katsumi
IT Security Center,
Information-technology Promotion Agency, Japan
(ISEC/IPA)

2.Impact

An attacker may gain access to the administrator tool of the LAN-W300N/R series from the WAN. As a result, the attacker may be able to log in to the product as the administrator and view and change the configuration.

3.Solution

To fix this vulnerability, update the firmware to the latest version.

4.CVSS Severity

(1) Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 7.5

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "Permissions, Privileges, and Access Controls (CWE-264)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: