Multiple vulnerabilities in SHARP routers

Overview

SHARP routers contain multiple vulnerabilities.

Products Affected

CVE-2024-45721, CVE-2024-46873, CVE-2024-47864, CVE-2024-52321
For NTT DOCOMO, INC.

  • home 5G HR02 versions S5.82.00 and earlier
  • Wi-Fi STATION SH-52B versions S3.87.11 and earlier
  • Wi-Fi STATION SH-54C versions S6.60.00 and earlier

CVE-2024-46873, CVE-2024-52321
For NTT DOCOMO, INC.

  • Wi-Fi STATION SH-05L versions 01.00.C0 and earlier

For SoftBank Corp.

  • PocketWifi 809SH versions 01.00.B9 and earlier

For KDDI CORPORATION

  • Speed Wi-Fi NEXT W07 versions 02.00.48 and earlier

CVE-2024-54082
For NTT DOCOMO, INC.

  • home 5G HR02 versions S5.82.00 and earlier
  • Wi-Fi STATION SH-54C versions S6.60.00 and earlier

Description

SHARP routers contain multiple vulnerabilities listed below.

  • OS command injection vulnerability in the HOST name configuration screen (CWE-78)
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2024-45721
  • The hidden debug function is enabled (CWE-489)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
    • CVE-2024-46873
  • Buffer overflow vulnerability in the hidden debug function (CWE-120)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 5.3
    • CVE-2024-47864
  • Improper authentication vulnerability in the configuration backup function (CWE-497)
    • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.9
    • CVE-2024-52321
  • OS command injection vulnerability in the configuration restore function (CWE-78)
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2024-54082

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Credit

Shuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
