CVE-2022-26834

7.5 HIGH

📋 TL;DR

CVE-2022-26834 is an improper access control vulnerability in Rakuten Casa devices that allows remote attackers to access sensitive information stored on the device. This occurs because the devices accept HTTP connections from the WAN (internet-facing) side by default. All users of affected Rakuten Casa versions are vulnerable unless they change the default configuration.

💻 Affected Systems

Products:
  • Rakuten Casa
Versions: AP_F_V1_4_1 through AP_F_V2_0_0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration where HTTP connections are accepted from WAN side.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attackers could access all sensitive information stored on the device, potentially including credentials, configuration data, and user information, leading to complete compromise.

🟠 Likely Case

Attackers scanning for vulnerable devices could access device information and potentially use it for further attacks or reconnaissance.

🟢 If Mitigated

With proper network segmentation and firewall rules, the impact is limited to internal network access only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP access to the device from the WAN interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after AP_F_V2_0_0

Vendor Advisory: https://network.mobile.rakuten.co.jp/information/news/product/1033/

Restart Required: Yes

Instructions:

1. Access Rakuten Casa admin interface
2. Check for firmware updates
3. Apply latest firmware update
4. Restart device after update

🔧 Temporary Workarounds

Disable WAN HTTP Access

Platform: all

Configure device to disable HTTP connections from WAN interface

Access admin interface > Network Settings > Disable WAN HTTP access

Firewall Restriction

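Platform: linux

Block HTTP traffic to the device from external networks. The negation (`!`) must precede `-s`. The INPUT chain only filters traffic addressed to the Linux host itself; on a Linux gateway that routes traffic to the device, the equivalent rule belongs in the FORWARD chain.

iptables -A INPUT -p tcp --dport 80 ! -s 192.168.0.0/16 -j DROP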

🧯 If You Can't Patch

  • Place device behind firewall with strict inbound rules blocking HTTP from external networks
  • Change default network configuration to restrict WAN access to essential services only

🔍 How to Verify

Check if Vulnerable:

Check if device responds to HTTP requests from external network on port 80

Check Version:

Check device admin interface or use curl to access version endpoint

Verify Fix Applied:

Verify firmware version is newer than AP_F_V2_0_0 and test HTTP access from external network

📡 Detection & Monitoring

Log Indicators:

  • External IP addresses accessing HTTP service
  • Multiple failed authentication attempts from external sources

Network Indicators:

  • HTTP traffic to device from external IP addresses
  • Port scanning activity targeting port 80

SIEM Query:

source_ip IN external_ips AND dest_port=80 AND protocol=HTTP
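
The log and network indicators above can be checked with a short script. This is an added example, not code from the vendor or the original page. It assumes a constructed flow-log format (`timestamp src_ip dst_ip dst_port proto`), uses a placeholder device WAN address (192.0.2.10), and treats 192.168.0.0/16 as internal, matching the firewall rule above.

```python
import ipaddress
from collections import Counter

# Assumption: networks treated as internal (taken from the page's firewall rule).
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample records: "timestamp src_ip dst_ip dst_port proto".
# 192.0.2.10 is a placeholder for the device's WAN-side address.
SAMPLE_LOG = """\
2022-06-01T10:00:01Z 192.168.1.20 192.0.2.10 80 tcp
2022-06-01T10:00:05Z 203.0.113.7 192.0.2.10 80 tcp
2022-06-01T10:00:06Z 203.0.113.7 192.0.2.10 80 tcp
2022-06-01T10:00:09Z 198.51.100.23 192.0.2.10 443 tcp
2022-06-01T10:00:12Z 198.51.100.23 192.0.2.10 80 tcp
2022-06-01T10:00:15Z 203.0.113.7 192.0.2.50 80 tcp
malformed line
"""

def is_external(addr):
    """True when addr is outside every configured internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def external_http_sources(log_text, device_ip, port=80):
    """Count TCP connections per external source to device_ip:port."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, dport, proto = fields
        try:
            if (dst == device_ip and int(dport) == port
                    and proto == "tcp" and is_external(src)):
                hits[src] += 1
        except ValueError:
            continue  # unparsable IP address or port
    return hits

if __name__ == "__main__":
    hits = external_http_sources(SAMPLE_LOG, "192.0.2.10")
    for src, n in hits.most_common():
        print(f"ALERT external HTTP to device: src={src} connections={n}")
```

Any hit after the fix or workaround is applied means WAN-side HTTP is still reachable.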
