Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for Rakuten Casa by Rakuten Mobile, Inc.

    CVE-2022-29525 (GCVE-0-2022-29525)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:33.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29525",
        "datePublished": "2022-06-13T04:50:33.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28704 (GCVE-0-2022-28704)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28704",
        "datePublished": "2022-06-13T04:50:32.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26834 (GCVE-0-2022-26834)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:27.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26834",
        "datePublished": "2022-06-13T04:50:27.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:44.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29525 (GCVE-0-2022-29525)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:33.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29525",
        "datePublished": "2022-06-13T04:50:33.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28704 (GCVE-0-2022-28704)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28704",
        "datePublished": "2022-06-13T04:50:32.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26834 (GCVE-0-2022-26834)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:27.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26834",
        "datePublished": "2022-06-13T04:50:27.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:44.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000036

    Vulnerability from jvndb - Published: 2022-05-19 15:13 - Updated:2024-06-18 12:09
    Severity
    Summary
    Multiple vulnerabilities in Rakuten Casa
    Details
    Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 * Improper Access Control (CWE-284) - CVE-2022-28704 * Improper Access Control (CWE-284) - CVE-2022-26834 CVE-2022-29525 Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-28704 Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-26834 Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
      "dc:date": "2024-06-18T12:09+09:00",
      "dcterms:issued": "2022-05-19T15:13+09:00",
      "dcterms:modified": "2024-06-18T12:09+09:00",
      "description": "Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 \r\n* Improper Access Control (CWE-284) - CVE-2022-28704\r\n* Improper Access Control (CWE-284) - CVE-2022-26834\r\n\r\nCVE-2022-29525\r\nNarumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-28704\r\nHiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-26834\r\nTagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
      "sec:cpe": {
        "#text": "cpe:/a:rakuten:casa",
        "@product": "Rakuten Casa",
        "@vendor": "Rakuten Mobile, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000036",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN46892984/index.html",
          "@id": "JVN#46892984",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29525",
          "@id": "CVE-2022-29525",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-28704",
          "@id": "CVE-2022-28704",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-26834",
          "@id": "CVE-2022-26834",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26834",
          "@id": "CVE-2022-26834",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28704",
          "@id": "CVE-2022-28704",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29525",
          "@id": "CVE-2022-29525",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in Rakuten Casa"
    }