Improper Access Control in Rakuten Casa Affects Remote Login Vulnerability
CVE-2022-28704
7.2HIGH
What is CVE-2022-28704?
An improper access control vulnerability exists in Rakuten Casa versions AP_F_V1_4_1 and AP_F_V2_0_0. If the device is configured with default settings, including acceptance of SSH connections from the WAN side and unchanged authentication credentials, it allows remote attackers to gain root privileges and execute arbitrary operations. This vulnerability highlights the critical need for secure configuration practices to protect against unauthorized access and potential exploitation.
Affected Version(s)
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0
