CVE-2022-0184 - OpenCVE

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kingjim	Tepura Pro Sr5900p Tepura Pro Sr5900p Firmware Tepura Pro Sr-7900p Spc10 Firmware Tepura Pro Sr-7900p Firmware Sma3 Spc10

Configuration 1 [-]

AND

cpe:2.3:o:kingjim:tepura_pro_sr5900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:tepura_pro_sr5900p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:kingjim:tepura_pro_sr-7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:tepura_pro_sr-7900p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:kingjim:spc10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:spc10:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:kingjim:sma3:*:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/jp/JVN81479705/index.html	Third Party Advisory
https://www.kingjim.co.jp/download/security/#sr01	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2022-01-17T09:10:32

Updated: 2022-01-17T09:10:32

Reserved: 2022-01-11T00:00:00

Link: CVE-2022-0184

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-17T10:15:08.247

Modified: 2022-01-28T20:58:56.980

Link: CVE-2022-0184

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"containers": {"cna": {"affected": [{"product": "TEPRA PRO", "vendor": "KING JIM CO.,LTD.", "versions": [{"status": "affected", "version": "'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}], "problemTypes": [{"descriptions": [{"description": "Insufficiently protected credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-17T09:10:32", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.kingjim.co.jp/download/security/#sr01"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-0184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TEPRA PRO", "version": {"version_data": [{"version_value": "'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier"}]}}]}, "vendor_name": "KING JIM CO.,LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficiently protected credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.kingjim.co.jp/download/security/#sr01", "refsource": "MISC", "url": "https://www.kingjim.co.jp/download/security/#sr01"}, {"name": "https://jvn.jp/en/jp/JVN81479705/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-0184", "datePublished": "2022-01-17T09:10:32", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2022-01-17T09:10:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:tepura_pro_sr5900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0314A915-34F9-40CB-BF0A-12567921DBA1", "versionEndIncluding": "1.080", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:tepura_pro_sr5900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A8A508-FFF9-4CE9-BB6F-C42D00575AB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:tepura_pro_sr-7900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "775BD969-F02C-4824-93E0-D6A2F4BD3714", "versionEndIncluding": "1.030", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:tepura_pro_sr-7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "72FB38FA-DE3D-4A3A-872F-FC9F6C384F7E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:spc10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "625EB6D3-AF6F-424F-9E18-24CE098297B4", "versionEndIncluding": "1.0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:spc10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF80D096-4356-43DD-A703-B1D83365D915", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kingjim:sma3:*:*:*:*:*:*:*:*", "matchCriteriaId": "7642DFAD-F9B6-4515-8820-8111990DDCAE", "versionEndExcluding": "1.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}, {"lang": "es", "value": "Una vulnerabilidad de credenciales insuficientemente protegidas en \"TEPRA\" PRO SR5900P Versiones 1.080 y anteriores y \"TEPRA\" PRO SR-R7900P Versiones 1.030 y anteriores, permite a un atacante en la red adyacente obtener credenciales para conectarse al punto de acceso Wi-Fi con el modo de infraestructura"}], "id": "CVE-2022-0184", "lastModified": "2022-01-28T20:58:56.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-17T10:15:08.247", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.kingjim.co.jp/download/security/#sr01"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}