CVE-2022-0184 - OpenCVE

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kingjim	Sma3 Spc10 Spc10 Firmware Tepura Pro Sr-7900p Tepura Pro Sr-7900p Firmware Tepura Pro Sr5900p Tepura Pro Sr5900p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kingjim:tepura_pro_sr5900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:tepura_pro_sr5900p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:kingjim:tepura_pro_sr-7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:tepura_pro_sr-7900p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:kingjim:spc10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingjim:spc10:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:kingjim:sma3:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN81479705/index.html
https://www.kingjim.co.jp/download/security/#sr01

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-01-17T09:10:32

Updated: 2024-08-02T23:18:42.544Z

Reserved: 2022-01-11T00:00:00

Link: CVE-2022-0184

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-17T10:15:08.247

Modified: 2022-01-28T20:58:56.980

Link: CVE-2022-0184

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TEPRA PRO", "vendor": "KING JIM CO.,LTD.", "versions": [{"status": "affected", "version": "'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}], "problemTypes": [{"descriptions": [{"description": "Insufficiently protected credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-17T09:10:32", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.kingjim.co.jp/download/security/#sr01"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-0184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TEPRA PRO", "version": {"version_data": [{"version_value": "'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier"}]}}]}, "vendor_name": "KING JIM CO.,LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficiently protected credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.kingjim.co.jp/download/security/#sr01", "refsource": "MISC", "url": "https://www.kingjim.co.jp/download/security/#sr01"}, {"name": "https://jvn.jp/en/jp/JVN81479705/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:42.544Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.kingjim.co.jp/download/security/#sr01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-0184", "datePublished": "2022-01-17T09:10:32", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2024-08-02T23:18:42.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:tepura_pro_sr5900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0314A915-34F9-40CB-BF0A-12567921DBA1", "versionEndIncluding": "1.080", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:tepura_pro_sr5900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A8A508-FFF9-4CE9-BB6F-C42D00575AB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:tepura_pro_sr-7900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "775BD969-F02C-4824-93E0-D6A2F4BD3714", "versionEndIncluding": "1.030", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:tepura_pro_sr-7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "72FB38FA-DE3D-4A3A-872F-FC9F6C384F7E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingjim:spc10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "625EB6D3-AF6F-424F-9E18-24CE098297B4", "versionEndIncluding": "1.0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingjim:spc10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF80D096-4356-43DD-A703-B1D83365D915", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kingjim:sma3:*:*:*:*:*:*:*:*", "matchCriteriaId": "7642DFAD-F9B6-4515-8820-8111990DDCAE", "versionEndExcluding": "1.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode."}, {"lang": "es", "value": "Una vulnerabilidad de credenciales insuficientemente protegidas en \"TEPRA\" PRO SR5900P Versiones 1.080 y anteriores y \"TEPRA\" PRO SR-R7900P Versiones 1.030 y anteriores, permite a un atacante en la red adyacente obtener credenciales para conectarse al punto de acceso Wi-Fi con el modo de infraestructura"}], "id": "CVE-2022-0184", "lastModified": "2022-01-28T20:58:56.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-17T10:15:08.247", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN81479705/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.kingjim.co.jp/download/security/#sr01"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}