Search

Find a vulnerability

Search criteria

    17 vulnerabilities by Rakuten Mobile, Inc.

    CVE-2024-52033 (GCVE-0-2024-52033)

    Vulnerability from nvd – Published: 2024-11-20 07:29 – Updated: 2024-11-20 15:05
    VLAI
    Summary
    Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:34.400424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:05:53.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:29:44.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-52033",
        "datePublished": "2024-11-20T07:29:44.727Z",
        "dateReserved": "2024-11-05T02:54:13.731Z",
        "dateUpdated": "2024-11-20T15:05:53.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48895 (GCVE-0-2024-48895)

    Vulnerability from nvd – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:28.074293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:10.357Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-48895",
        "datePublished": "2024-11-20T07:30:10.357Z",
        "dateReserved": "2024-11-05T02:54:12.661Z",
        "dateUpdated": "2024-11-20T15:16:26.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47865 (GCVE-0-2024-47865)

    Vulnerability from nvd – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:21.866202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:35.780Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47865",
        "datePublished": "2024-11-20T07:30:35.780Z",
        "dateReserved": "2024-11-05T02:54:11.800Z",
        "dateUpdated": "2024-11-20T15:16:26.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40282 (GCVE-0-2023-40282)

    Vulnerability from nvd – Published: 2023-08-23 03:16 – Updated: 2025-07-01 14:01 Unsupported When Assigned
    VLAI
    Summary
    Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper authentication
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN55217369/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-17T03:09:42.399512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-01T14:01:12.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten WiFi Pocket",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product\u0027s Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-23T03:16:56.417Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55217369/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-40282",
        "datePublished": "2023-08-23T03:16:56.417Z",
        "dateReserved": "2023-08-14T01:52:11.134Z",
        "dateUpdated": "2025-07-01T14:01:12.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29525 (GCVE-0-2022-29525)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:33.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29525",
        "datePublished": "2022-06-13T04:50:33.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28704 (GCVE-0-2022-28704)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28704",
        "datePublished": "2022-06-13T04:50:32.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26834 (GCVE-0-2022-26834)

    Vulnerability from nvd – Published: 2022-06-13 04:50 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:27.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26834",
        "datePublished": "2022-06-13T04:50:27.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:44.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47865 (GCVE-0-2024-47865)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:21.866202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:35.780Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47865",
        "datePublished": "2024-11-20T07:30:35.780Z",
        "dateReserved": "2024-11-05T02:54:11.800Z",
        "dateUpdated": "2024-11-20T15:16:26.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48895 (GCVE-0-2024-48895)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:30 – Updated: 2024-11-20 15:16
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:28.074293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:26.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:30:10.357Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-48895",
        "datePublished": "2024-11-20T07:30:10.357Z",
        "dateReserved": "2024-11-05T02:54:12.661Z",
        "dateUpdated": "2024-11-20T15:16:26.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52033 (GCVE-0-2024-52033)

    Vulnerability from cvelistv5 – Published: 2024-11-20 07:29 – Updated: 2024-11-20 15:05
    VLAI
    Summary
    Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Turbo 5G Affected: V1.3.18 and earlier
    Create a notification for this product.
    rakuten turbo_5g_firmware Affected: 0 , ≤ 1.3.18 (custom)
        cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rakuten:turbo_5g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "turbo_5g_firmware",
                "vendor": "rakuten",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:00:34.400424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:05:53.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Turbo 5G",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.3.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-20T07:29:44.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90667116/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-52033",
        "datePublished": "2024-11-20T07:29:44.727Z",
        "dateReserved": "2024-11-05T02:54:13.731Z",
        "dateUpdated": "2024-11-20T15:05:53.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40282 (GCVE-0-2023-40282)

    Vulnerability from cvelistv5 – Published: 2023-08-23 03:16 – Updated: 2025-07-01 14:01 Unsupported When Assigned
    VLAI
    Summary
    Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper authentication
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN55217369/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-17T03:09:42.399512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-01T14:01:12.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten WiFi Pocket",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product\u0027s Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-23T03:16:56.417Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://network.mobile.rakuten.co.jp/product/internet/rakuten-wifi-pocket/support/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55217369/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-40282",
        "datePublished": "2023-08-23T03:16:56.417Z",
        "dateReserved": "2023-08-14T01:52:11.134Z",
        "dateUpdated": "2025-07-01T14:01:12.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29525 (GCVE-0-2022-29525)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:33.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29525",
        "datePublished": "2022-06-13T04:50:33.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28704 (GCVE-0-2022-28704)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28704",
        "datePublished": "2022-06-13T04:50:32.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26834 (GCVE-0-2022-26834)

    Vulnerability from cvelistv5 – Published: 2022-06-13 04:50 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rakuten Mobile, Inc. Rakuten Casa Affected: version AP_F_V1_4_1 or AP_F_V2_0_0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuten Casa",
              "vendor": "Rakuten Mobile, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T04:50:27.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuten Casa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version AP_F_V1_4_1 or AP_F_V2_0_0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rakuten Mobile, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://network.mobile.rakuten.co.jp/information/news/product/1033/",
                  "refsource": "MISC",
                  "url": "https://network.mobile.rakuten.co.jp/information/news/product/1033/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN46892984/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN46892984/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26834",
        "datePublished": "2022-06-13T04:50:27.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:44.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-012941

    Vulnerability from jvndb - Published: 2024-11-19 10:41 - Updated:2024-11-19 10:41
    Severity
    Summary
    Multiple vulnerabilities in Rakuten Turbo 5G
    Details
    Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Missing authentication for critical function (CWE-306) - CVE-2024-47865 * OS command injection (CWE-78) - CVE-2024-48895 * Exposure of sensitive system information to an unauthorized control sphere (CWE-497) - CVE-2024-52033 Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012941.html",
      "dc:date": "2024-11-19T10:41+09:00",
      "dcterms:issued": "2024-11-19T10:41+09:00",
      "dcterms:modified": "2024-11-19T10:41+09:00",
      "description": "Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* Missing authentication for critical function (CWE-306) - CVE-2024-47865\r\n* OS command injection (CWE-78) - CVE-2024-48895\r\n* Exposure of sensitive system information to an unauthorized control sphere (CWE-497) - CVE-2024-52033\r\n\r\nSamy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012941.html",
      "sec:cpe": {
        "#text": "cpe:/o:rakuten:rakuten_turbo_5g",
        "@product": "Rakuten Turbo 5G",
        "@vendor": "Rakuten Mobile, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-012941",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU90667116/index.html",
          "@id": "JVNVU#90667116",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47865",
          "@id": "CVE-2024-47865",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-48895",
          "@id": "CVE-2024-48895",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-52033",
          "@id": "CVE-2024-52033",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/497.html",
          "@id": "CWE-497",
          "@title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in Rakuten Turbo 5G"
    }

    JVNDB-2023-000086

    Vulnerability from jvndb - Published: 2023-08-23 12:42 - Updated:2024-03-27 13:43
    Severity
    Summary
    Rakuten WiFi Pocket vulnerable to improper authentication
    Details
    Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability (CWE-287). Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000086.html",
      "dc:date": "2024-03-27T13:43+09:00",
      "dcterms:issued": "2023-08-23T12:42+09:00",
      "dcterms:modified": "2024-03-27T13:43+09:00",
      "description": "Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router.\r\nManagement Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability (CWE-287).\r\n\r\nSato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000086.html",
      "sec:cpe": {
        "#text": "cpe:/o:rakuten:wifi_pocket_firmware",
        "@product": "Rakuten WiFi Pocket",
        "@vendor": "Rakuten Mobile, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.9",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000086",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN55217369/index.html",
          "@id": "JVN#55217369",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40282",
          "@id": "CVE-2023-40282",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40282",
          "@id": "CVE-2023-40282",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "Rakuten WiFi Pocket vulnerable to improper authentication"
    }

    JVNDB-2022-000036

    Vulnerability from jvndb - Published: 2022-05-19 15:13 - Updated:2024-06-18 12:09
    Severity
    Summary
    Multiple vulnerabilities in Rakuten Casa
    Details
    Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 * Improper Access Control (CWE-284) - CVE-2022-28704 * Improper Access Control (CWE-284) - CVE-2022-26834 CVE-2022-29525 Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-28704 Hiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-26834 Tagawa, Masaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
      "dc:date": "2024-06-18T12:09+09:00",
      "dcterms:issued": "2022-05-19T15:13+09:00",
      "dcterms:modified": "2024-06-18T12:09+09:00",
      "description": "Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below.\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2022-29525 \r\n* Improper Access Control (CWE-284) - CVE-2022-28704\r\n* Improper Access Control (CWE-284) - CVE-2022-26834\r\n\r\nCVE-2022-29525\r\nNarumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-28704\r\nHiroki Oshiro and Tagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-26834\r\nTagawa, Masaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000036.html",
      "sec:cpe": {
        "#text": "cpe:/a:rakuten:casa",
        "@product": "Rakuten Casa",
        "@vendor": "Rakuten Mobile, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000036",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN46892984/index.html",
          "@id": "JVN#46892984",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29525",
          "@id": "CVE-2022-29525",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-28704",
          "@id": "CVE-2022-28704",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-26834",
          "@id": "CVE-2022-26834",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26834",
          "@id": "CVE-2022-26834",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28704",
          "@id": "CVE-2022-28704",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29525",
          "@id": "CVE-2022-29525",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in Rakuten Casa"
    }