Search

Find a vulnerability

Search criteria

    6 vulnerabilities by KING JIM CO.,LTD.

    CVE-2022-0184 (GCVE-0-2022-0184)

    Vulnerability from nvd – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.
    Severity
    No CVSS data available.
    CWE
    • Insufficiently protected credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    KING JIM CO.,LTD. TEPRA PRO Affected: 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kingjim.co.jp/download/security/#sr01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TEPRA PRO",
              "vendor": "KING JIM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficiently protected credentials vulnerability in \u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficiently protected credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:32.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kingjim.co.jp/download/security/#sr01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TEPRA PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KING JIM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficiently protected credentials vulnerability in \u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficiently protected credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kingjim.co.jp/download/security/#sr01",
                  "refsource": "MISC",
                  "url": "https://www.kingjim.co.jp/download/security/#sr01"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81479705/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0184",
        "datePublished": "2022-01-17T09:10:32.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0183 (GCVE-0-2022-0183)

    Vulnerability from nvd – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
    Severity
    No CVSS data available.
    CWE
    • Missing encryption of sensitive data
    Assigner
    References
    Impacted products
    Vendor Product Version
    KING JIM CO.,LTD. MIRUPASS Affected: 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kingjim.co.jp/download/security/#mirupass"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MIRUPASS",
              "vendor": "KING JIM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing encryption of sensitive data vulnerability in \u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing encryption of sensitive data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:30.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kingjim.co.jp/download/security/#mirupass"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MIRUPASS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KING JIM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing encryption of sensitive data vulnerability in \u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing encryption of sensitive data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kingjim.co.jp/download/security/#mirupass",
                  "refsource": "MISC",
                  "url": "https://www.kingjim.co.jp/download/security/#mirupass"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN19826500/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0183",
        "datePublished": "2022-01-17T09:10:31.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0184 (GCVE-0-2022-0184)

    Vulnerability from cvelistv5 – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.
    Severity
    No CVSS data available.
    CWE
    • Insufficiently protected credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    KING JIM CO.,LTD. TEPRA PRO Affected: 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kingjim.co.jp/download/security/#sr01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TEPRA PRO",
              "vendor": "KING JIM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficiently protected credentials vulnerability in \u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficiently protected credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:32.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kingjim.co.jp/download/security/#sr01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TEPRA PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KING JIM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficiently protected credentials vulnerability in \u0027TEPRA\u0027 PRO SR5900P Ver.1.080 and earlier and \u0027TEPRA\u0027 PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficiently protected credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kingjim.co.jp/download/security/#sr01",
                  "refsource": "MISC",
                  "url": "https://www.kingjim.co.jp/download/security/#sr01"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81479705/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81479705/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0184",
        "datePublished": "2022-01-17T09:10:32.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0183 (GCVE-0-2022-0183)

    Vulnerability from cvelistv5 – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
    Severity
    No CVSS data available.
    CWE
    • Missing encryption of sensitive data
    Assigner
    References
    Impacted products
    Vendor Product Version
    KING JIM CO.,LTD. MIRUPASS Affected: 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kingjim.co.jp/download/security/#mirupass"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MIRUPASS",
              "vendor": "KING JIM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing encryption of sensitive data vulnerability in \u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing encryption of sensitive data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:30.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kingjim.co.jp/download/security/#mirupass"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MIRUPASS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KING JIM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing encryption of sensitive data vulnerability in \u0027MIRUPASS\u0027 PW10 firmware all versions and \u0027MIRUPASS\u0027 PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing encryption of sensitive data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kingjim.co.jp/download/security/#mirupass",
                  "refsource": "MISC",
                  "url": "https://www.kingjim.co.jp/download/security/#mirupass"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN19826500/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN19826500/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0183",
        "datePublished": "2022-01-17T09:10:31.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000005

    Vulnerability from jvndb - Published: 2022-01-13 15:26 - Updated:2022-01-13 15:26
    Severity
    Summary
    PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
    Details
    PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability (CWE-311). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000005.html",
      "dc:date": "2022-01-13T15:26+09:00",
      "dcterms:issued": "2022-01-13T15:26+09:00",
      "dcterms:modified": "2022-01-13T15:26+09:00",
      "description": "PASSWORD MANAGER \"MIRUPASS\" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability (CWE-311).\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000005.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:kingjim:mirupass_pw10_firmware",
          "@product": "Password Manager \"MIRUPASS\" PW10 firmware",
          "@vendor": "KING JIM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:kingjim:mirupass_pw20_firmware",
          "@product": "Password Manager \"MIRUPASS\" PW20 firmware",
          "@vendor": "KING JIM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.9",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.6",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000005",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN19826500/index.html",
          "@id": "JVN#19826500",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-0183",
          "@id": "CVE-2022-0183",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0183",
          "@id": "CVE-2022-0183",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "PASSWORD MANAGER \"MIRUPASS\" PW10 / PW20 missing encryption"
    }

    JVNDB-2022-000004

    Vulnerability from jvndb - Published: 2022-01-13 15:21 - Updated:2022-01-13 15:21
    Severity
    Summary
    Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
    Details
    Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability (CWE-522). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000004.html",
      "dc:date": "2022-01-13T15:21+09:00",
      "dcterms:issued": "2022-01-13T15:21+09:00",
      "dcterms:modified": "2022-01-13T15:21+09:00",
      "description": "Label printers \"TEPRA\" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability (CWE-522).\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000004.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:kingjim:tepura_pro_sr-7900p_firmware",
          "@product": "Label Printer \"Tepra\" PRO SR-R7900P",
          "@vendor": "KING JIM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:kingjim:tepura_pro_sr5900p_firmware",
          "@product": "Label Printer \"Tepra\" PRO SR5900P",
          "@vendor": "KING JIM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000004",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81479705/index.html",
          "@id": "JVN#81479705",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-0184",
          "@id": "CVE-2022-0184",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0184",
          "@id": "CVE-2022-0184",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Label printers \"TEPRA\" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials"
    }