CVE-2022-29525

9.8 CRITICAL

📋 TL;DR

CVE-2022-29525 is a critical authentication bypass vulnerability in Rakuten Casa devices where hard-coded root credentials allow remote attackers to gain complete system control. This affects all users of Rakuten Casa AP_F_V1_4_1 or AP_F_V2_0_0 firmware versions. Attackers can execute arbitrary commands with root privileges without authentication.

💻 Affected Systems

Products:
  • Rakuten Casa
Versions: AP_F_V1_4_1 and AP_F_V2_0_0
Operating Systems: Embedded Linux on Rakuten Casa hardware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise, allowing an attacker to install persistent malware, intercept all network traffic, pivot to internal networks, and permanently brick the device.

🟠 Likely Case

A remote attacker gains root shell access, modifies the device configuration, steals credentials, and uses the device as a foothold for further attacks.

🟢 If Mitigated

If the device is behind a strict firewall with no external access, the risk is reduced to compromise from within the internal network only.

🌐 Internet-Facing: HIGH - Devices exposed to internet can be directly exploited by any remote attacker.
🏢 Internal Only: HIGH - Even internally, any network-accessible device can be compromised by attackers who gain internal access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hard-coded credentials and network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AP_F_V2_0_1 or later

Vendor Advisory: https://network.mobile.rakuten.co.jp/information/news/product/1033/

Restart Required: Yes

Instructions:

1. Log into the Rakuten Casa admin interface.
2. Navigate to the firmware update section.
3. Download and install AP_F_V2_0_1 or later.
4. Reboot the device after installation completes.

🔧 Temporary Workarounds

Network Isolation (applies to: all affected versions)

Place the device behind a firewall with no external access and restrict internal access to trusted IPs only.

Disable Remote Management (applies to: all affected versions)

Turn off all remote management features and disable WAN-side administration interfaces.

🧯 If You Can't Patch

  • Immediately disconnect device from internet and place behind strict firewall
  • Replace device with patched version or alternative product

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the device admin interface. If the version is AP_F_V1_4_1 or AP_F_V2_0_0, the device is vulnerable.

Check Version:

ssh root@[device_ip] 'cat /etc/version' (if SSH access is configured)

Verify Fix Applied:

Verify that the firmware version shows AP_F_V2_0_1 or later in the admin interface.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful root login
  • Unusual root-level commands executed
  • Multiple SSH/Telnet connections from unexpected sources

Network Indicators:

  • SSH/Telnet connections to device from external IPs
  • Unusual outbound connections from device
  • Port scans targeting device management ports

SIEM Query:

source="rakuten-casa-logs" (event="authentication_success" AND user="root") OR (event="command_execution" AND privilege="root")
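The log indicators above can be turned into a small detection routine. The following is an added example written for this page, not tooling from Rakuten or from the advisory: it assumes the device forwards OpenSSH-style sshd syslog lines (the real Rakuten Casa log format is not documented here), uses constructed sample lines, and treats 192.168.1.0/24 as the assumed trusted management range. It flags a successful root login that follows failed attempts from the same source, and any successful root login from outside the trusted range, which are the two conditions the SIEM query above is looking for.

```python
"""Detect suspicious root logins in sshd-style auth logs (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in OpenSSH sshd syslog format. This format is an
# assumption for the example; the actual Rakuten Casa log format is not on this page.
SAMPLE_LOGS = """\
May 12 10:01:02 casa sshd[1201]: Failed password for root from 203.0.113.45 port 51022 ssh2
May 12 10:01:05 casa sshd[1201]: Failed password for root from 203.0.113.45 port 51022 ssh2
May 12 10:01:09 casa sshd[1203]: Accepted password for root from 203.0.113.45 port 51030 ssh2
May 12 10:15:44 casa sshd[1250]: Accepted password for root from 192.168.1.10 port 40010 ssh2
May 12 10:20:00 casa sshd[1260]: Accepted password for admin from 192.168.1.11 port 40011 ssh2
May 12 10:25:00 casa sshd[1270]: Accepted password for root from 10.8.0.7 port 40012 ssh2
"""

# Hosts that are expected to administer the device (assumed value for the example).
TRUSTED_MGMT = [ipaddress.ip_network("192.168.1.0/24")]

# Matches both "Accepted password for root from IP port N" and
# "Failed password for [invalid user] NAME from IP port N".
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)


def parse_auth_events(text):
    """Yield one dict (ts, result, user, ip) per sshd auth line; skip other lines."""
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            yield m.groupdict()


def find_suspicious_root_logins(text, trusted_nets=TRUSTED_MGMT):
    """Return alerts for successful root logins that are preceded by failed
    attempts from the same source IP, or that originate outside trusted_nets."""
    alerts = []
    failures = defaultdict(int)  # source IP -> failed attempts seen so far
    for ev in parse_auth_events(text):
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
            continue
        if ev["user"] != "root":
            continue  # only root logins matter for this indicator
        addr = ipaddress.ip_address(ev["ip"])
        reasons = []
        if failures[ev["ip"]]:
            reasons.append(f"{failures[ev['ip']]} failed attempt(s) preceded success")
        if not any(addr in net for net in trusted_nets):
            reasons.append("source outside trusted management ranges")
        if reasons:
            alerts.append({"ts": ev["ts"], "ip": ev["ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_root_logins(SAMPLE_LOGS):
        print(f"{alert['ts']} root login from {alert['ip']}: {'; '.join(alert['reasons'])}")
```

On the constructed sample this reports two alerts: the 203.0.113.45 login (two failures then success, and an untrusted source) and the 10.8.0.7 login (untrusted source only); the root login from 192.168.1.10 and the admin login are left alone. Feed it the device's forwarded auth log and adjust `TRUSTED_MGMT` to the actual management network.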
