Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for Rakuten Turbo 5G by Rakuten Mobile, Inc.

    CVE-2024-52033 (GCVE-0-2024-52033)

    Vulnerability from nvd – Published: 2024-11-20 07:29 – Updated: 2024-11-20 15:05
    VLAI
    Summary
    Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:34.400424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:05:53.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:29:44.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-52033",
        "datePublished": "2024-11-20T07:29:44.727Z",
        "dateReserved": "2024-11-05T02:54:13.731Z",
        "dateUpdated": "2024-11-20T15:05:53.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48895 (GCVE-0-2024-48895)

    Vulnerability from nvd – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:28.074293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:10.357Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-48895",
        "datePublished": "2024-11-20T07:30:10.357Z",
        "dateReserved": "2024-11-05T02:54:12.661Z",
        "dateUpdated": "2024-11-20T15:16:26.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47865 (GCVE-0-2024-47865)

    Vulnerability from nvd – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:21.866202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:35.780Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47865",
        "datePublished": "2024-11-20T07:30:35.780Z",
        "dateReserved": "2024-11-05T02:54:11.800Z",
        "dateUpdated": "2024-11-20T15:16:26.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47865 (GCVE-0-2024-47865)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:21.866202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:35.780Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47865",
        "datePublished": "2024-11-20T07:30:35.780Z",
        "dateReserved": "2024-11-05T02:54:11.800Z",
        "dateUpdated": "2024-11-20T15:16:26.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48895 (GCVE-0-2024-48895)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:28.074293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:10.357Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-48895",
        "datePublished": "2024-11-20T07:30:10.357Z",
        "dateReserved": "2024-11-05T02:54:12.661Z",
        "dateUpdated": "2024-11-20T15:16:26.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52033 (GCVE-0-2024-52033)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:29 – Updated: 2024-11-20 15:05
    VLAI
    Summary
    Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:34.400424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:05:53.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:29:44.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-52033",
        "datePublished": "2024-11-20T07:29:44.727Z",
        "dateReserved": "2024-11-05T02:54:13.731Z",
        "dateUpdated": "2024-11-20T15:05:53.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-012941

    Vulnerability from jvndb - Published: 2024-11-19 10:41 - Updated:2024-11-19 10:41
    Severity
    Summary
    Multiple vulnerabilities in Rakuten Turbo 5G
    Details
    Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Missing authentication for critical function (CWE-306) - CVE-2024-47865 * OS command injection (CWE-78) - CVE-2024-48895 * Exposure of sensitive system information to an unauthorized control sphere (CWE-497) - CVE-2024-52033 Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012941.html",
      "dc:date": "2024-11-19T10:41+09:00",
      "dcterms:issued": "2024-11-19T10:41+09:00",
      "dcterms:modified": "2024-11-19T10:41+09:00",
      "description": "Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* Missing authentication for critical function (CWE-306) - CVE-2024-47865\r\n* OS command injection (CWE-78) - CVE-2024-48895\r\n* Exposure of sensitive system information to an unauthorized control sphere (CWE-497) - CVE-2024-52033\r\n\r\nSamy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012941.html",
      "sec:cpe": {
        "#text": "cpe:/o:rakuten:rakuten_turbo_5g",
        "@product": "Rakuten Turbo 5G",
        "@vendor": "Rakuten Mobile, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-012941",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU90667116/index.html",
          "@id": "JVNVU#90667116",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47865",
          "@id": "CVE-2024-47865",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-48895",
          "@id": "CVE-2024-48895",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-52033",
          "@id": "CVE-2024-52033",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/497.html",
          "@id": "CWE-497",
          "@title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in Rakuten Turbo 5G"
    }