PT-2022-19180 · Rakuten · Rakuten Casa

Hiroki Oshiro · Published 2022-06-13 · Updated 2023-08-08 · CVE-2022-28704

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rakuten Casa versions AP F V1 4 1 through AP F V2 0 0

Description

The issue is an improper access control flaw. In its default settings the product accepts SSH connections from the WAN side; if it is connected to the Internet with the default authentication information unchanged, a remote attacker can log in with root privilege and perform arbitrary operations.

Recommendations

For Rakuten Casa versions AP F V1 4 1 and AP F V2 0 0, consider changing the default authentication information and disabling SSH connections from the WAN side to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-28704

Affected Products

Rakuten Casa