Improper Access Control Vulnerability in Rakuten Casa: Unauthorized Remote Information Disclosure

Improper Access Control Vulnerability in Rakuten Casa: Unauthorized Remote Information Disclosure

CVE-2022-26834 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.

Learn more about our Web Application Penetration Testing UK.