CVE-2022-28704

7.2 HIGH

📋 TL;DR

This vulnerability allows remote attackers to gain root access to Rakuten Casa devices via SSH when default settings are unchanged. It affects devices connected to the internet with default authentication credentials. Attackers can perform arbitrary operations with full system control.

💻 Affected Systems

Products:
  • Rakuten Casa
Versions: AP_F_V1_4_1 through AP_F_V2_0_0
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when: 1) SSH connections accepted from WAN side, 2) Connected to internet, 3) Default authentication unchanged.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: attacker gains root access, can install malware, steal data, pivot to internal networks, or render device inoperable.

🟠 Likely Case

Remote root access leading to device takeover, data theft, and potential use as attack platform.

🟢 If Mitigated

No impact if default credentials are changed and SSH from WAN is disabled.

🌐 Internet-Facing: HIGH - Devices exposed to internet with default settings are trivially exploitable.
🏢 Internal Only: LOW - Requires network access; default credentials still pose risk if SSH is enabled internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires SSH access with default credentials; trivial for attackers scanning for vulnerable devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after AP_F_V2_0_0

Vendor Advisory: https://network.mobile.rakuten.co.jp/information/news/product/1033/

Restart Required: Yes

Instructions:

1. Update Rakuten Casa firmware to latest version.
2. Reboot device after update.
3. Verify SSH from WAN is disabled and credentials are changed.

🔧 Temporary Workarounds

Disable SSH from WAN (platform: all)

Prevent SSH connections from external networks

Access web admin interface > Network settings > Disable SSH from WAN

Change Default Credentials (platform: linux)

Change root and admin passwords from defaults

ssh root@device_ip
passwd   # enter a new strong password when prompted

🧯 If You Can't Patch

  • Immediately change all default passwords (root and admin accounts)
  • Disable SSH access from WAN/internet in device settings
  • Restrict SSH access to specific IP addresses if remote access needed

🔍 How to Verify

Check if Vulnerable:

Check if SSH is accessible from internet with default credentials:

1. Attempt SSH connection from external network.
2. Try default credentials (consult device manual).

Check Version:

ssh root@device_ip 'cat /etc/version'

Alternatively, check the web admin interface.

Verify Fix Applied:

1. Confirm firmware version is updated.
2. Verify SSH from external networks fails.
3. Test that default credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH login attempts from external IPs
  • Successful SSH logins with default usernames
  • Multiple SSH connection attempts

Network Indicators:

  • SSH traffic from unexpected external sources
  • Unusual outbound connections from device

SIEM Query:

source="ssh_logs" (user="root" OR user="admin") AND (src_ip NOT IN internal_networks)
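
The log indicators and the query above, worked as an added example over constructed log lines (not code from this page or from the vendor). It assumes the log source emits stock OpenSSH sshd messages and that "internal" means RFC 1918 plus loopback; the threshold and all names in it are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Assumption: "internal" means RFC 1918 plus loopback; replace with your ranges.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
WATCHED_USERS = {"root", "admin"}  # usernames from the SIEM query above
FAILED_THRESHOLD = 3               # constructed cut-off for "multiple attempts"

# Assumption: the log source emits stock OpenSSH sshd authentication messages.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def is_external(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable address field: cannot classify, skip it
    return not any(ip in net for net in INTERNAL_NETWORKS)

def analyze(lines):
    """Return (external root/admin logins, external sources with repeated failures)."""
    alerts, failed = [], Counter()
    for line in lines:
        m = SSHD_RE.search(line)
        if not m or not is_external(m["ip"]):
            continue
        if m["result"] == "Failed":
            failed[m["ip"]] += 1
        elif m["user"] in WATCHED_USERS:
            alerts.append((m["user"], m["ip"]))
    noisy = {ip: n for ip, n in failed.items() if n >= FAILED_THRESHOLD}
    return alerts, noisy

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE = [
    "May  3 10:01:11 casa sshd[812]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "May  3 10:01:14 casa sshd[812]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "May  3 10:01:17 casa sshd[815]: Failed password for admin from 203.0.113.7 port 40130 ssh2",
    "May  3 10:01:21 casa sshd[819]: Accepted password for root from 203.0.113.7 port 40141 ssh2",
    "May  3 10:05:02 casa sshd[840]: Accepted password for admin from 192.168.1.20 port 51000 ssh2",
    "May  3 10:07:45 casa sshd[851]: Failed password for invalid user test from 198.51.100.9 port 33890 ssh2",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A successful root or admin login from an external address that follows a run of failures from the same address is the highest-priority case to triage.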
