Lucene search

K
jvnJapan Vulnerability NotesJVN:85073657
HistoryOct 18, 2021 - 12:00 a.m.

JVN#85073657: 128 Technology Session Smart Router vulnerable to authentication bypass

2021-10-1800:00:00
Japan Vulnerability Notes
jvn.jp
23
128 technology
authentication bypass
update software
remote attacker
os command
cwe-287
upgrade
version 4.4 to 5.0.1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.9%

128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability (CWE-287).

Impact

A remote attacker may bypass the authentication and execute an arbitrary OS command with the root privilege.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
According to the developer, 128T SSR 4.4 series is no longer supported and to continue using 4 series, users need to upgrade to 4.5.11. Also, 128T SSR 5.0.0 or 5.0.1 users need to upgrade to 5.1.6 or later.
For more information on upgrading, see Upgrading the 128T Networking Platform.

Products Affected

  • 128 Technology Session Smart Router versions from 4.4 to 5.0.1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.9%

Related for JVN:85073657