CVE-2015-7792 – CVE-2015-7792 is an unspecified vulnerability i... (How to Fix)

Q: What is the severity of CVE-2015-7792?

CVE-2015-7792 has a CVSS score of 9.8 (CRITICAL). CVE-2015-7792 is an unspecified vulnerability in Corega CG-WLBARGS devices that allows remote attackers to perform administrative operations without authentication. This affects all users of Corega CG-WLBARGS devices with vulnerable firmware versions. Attackers can potentially take full control of affected devices.

📋 TL;DR

CVE-2015-7792 is an unspecified vulnerability in Corega CG-WLBARGS devices that allows remote attackers to perform administrative operations without authentication. This affects all users of Corega CG-WLBARGS devices with vulnerable firmware versions. Attackers can potentially take full control of affected devices.

💻 Affected Systems

Products:

Corega CG-WLBARGS

Versions: All versions prior to firmware update

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Cg Wlbargs Firmware by Corega

View all CVEs affecting Cg Wlbargs Firmware →

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to reconfigure network settings, intercept traffic, install malware, or use device as pivot point into internal network.

🟠

Likely Case

Unauthorized administrative access leading to network configuration changes, DNS hijacking, or device takeover for botnet participation.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Directly exposed devices can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability allows administrative operations without authentication, suggesting simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware update released by Corega

Vendor Advisory: http://corega.jp/support/security/20151224_wlbargs.htm

Restart Required: Yes

Instructions:

1. Download latest firmware from Corega support site. 2. Log into device admin interface. 3. Navigate to firmware update section. 4. Upload and apply new firmware. 5. Reboot device.

🔧 Temporary Workarounds

Network Isolation

all

Place devices behind firewalls with strict inbound filtering to prevent external exploitation.

Access Control Lists

all

Implement network ACLs to restrict administrative access to trusted IP addresses only.

🧯 If You Can't Patch

Replace vulnerable devices with supported models
Segment affected devices in isolated network zones with no internet access

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via admin interface. If version predates December 2015 patches, device is vulnerable.

Check Version:

Check via web admin interface at device IP address

Verify Fix Applied:

Verify firmware version matches or exceeds version specified in Corega advisory. Test administrative functions require authentication.

📡 Detection & Monitoring

Log Indicators:

Unauthorized administrative access attempts
Configuration changes from unexpected sources
Failed authentication attempts followed by successful administrative operations

Network Indicators:

Administrative protocol traffic from unexpected sources
Unusual configuration changes via network protocols

SIEM Query:

source_ip NOT IN trusted_admin_ips AND (uri CONTAINS '/admin' OR uri CONTAINS '/cgi-bin') AND response_code=200

📊 Metadata

CVE ID: CVE-2015-7792

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-264

Published: December 30, 2015

Last Updated: April 12, 2025

🔗 References

http://corega.jp/support/security/20151224_wlbargs.htm Vendor Advisory
http://jvn.jp/en/jp/JVN51349622/index.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201 Vendor Advisory
http://www.securityfocus.com/bid/79683
http://corega.jp/support/security/20151224_wlbargs.htm Vendor Advisory
http://jvn.jp/en/jp/JVN51349622/index.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201 Vendor Advisory
http://www.securityfocus.com/bid/79683

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2015-7792, you might also want to check these: