Multiple vulnerabilities in FXC AE1021 and AE1021PE

Overview

AE1021 and AE1021PE provided by FXC Inc. contain multiple vulnerabilities.

Description

AE1021 and AE1021PE are information outlet type wireless LAN routers provided by FXC Inc. They contain multiple vulnerabilities listed below.

  • Weak Authentication (CWE-1390)
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
    • CVE-2024-47397
  • OS Command Injection (CWE-78)
    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2024-53688
  • Inclusion of Undocumented Features (CWE-1242)
    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2024-54457

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Credit

Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

نوشته های مشابه

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

WordPress Plugin “My WP Customize Admin/Frontend” vulnerable to cross-site scripting

Multiple vulnerabilities in SHARP routers

“Shonen Jump+” App for Android fails to restrict custom URL schemes properly