Details of VAR-202201-1505

ID

VAR-202201-1505

CVE

CVE-2022-0184

TITLE

Label printer "Tepura" PRO SR5900P / SR-R7900P Inadequate protection vulnerability in authentication information

Trust: 0.8

sources: JVNDB: JVNDB-2022-000004

DESCRIPTION

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. Label printer "Tepura" provided by King Jim Co., Ltd. PRO SR5900P / SR-R7900P Inadequate protection of credentials (CWE-522) A vulnerability exists. This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Mitsui Bussan Secure Direction Co., Ltd

Trust: 1.62

sources: NVD: CVE-2022-0184 // JVNDB: JVNDB-2022-000004

IOT TAXONOMY

category:

['home & office device']

sub_category:

printer

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	kingjim	model:	spc10	scope:	lte	version:	1.0.1.0	Trust: 1.0
vendor:	kingjim	model:	sma3	scope:	lt	version:	1.20	Trust: 1.0
vendor:	kingjim	model:	tepura pro sr-7900p	scope:	lte	version:	1.030	Trust: 1.0
vendor:	kingjim	model:	tepura pro sr5900p	scope:	lte	version:	1.080	Trust: 1.0
vendor:	株式会社キングジム	model:	ラベルプリンター「テプラ」 pro sr-r7900p 本体ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	株式会社キングジム	model:	ラベルプリンター「テプラ」 pro sr5900p 本体ソフトウェア	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-000004 // NVD: CVE-2022-0184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-0184
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2022-000004
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202201-1053
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-0184
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2022-000004
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2022-0184
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
IPA:	JVNDB-2022-000004
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-000004 // CNNVD: CNNVD-202201-1053 // NVD: CVE-2022-0184

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Other (CWE-Other) [IPA Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-000004 // NVD: CVE-2022-0184

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1053

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202201-1053

PATCH

title:	Label printer "Tepura" PRO SR5900P / SR-R7900P About vulnerabilities in	url:	https://www.kingjim.co.jp/download/security/#sr01	Trust: 0.8
title:	KING JIM Label printer Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177921	Trust: 0.6

sources: JVNDB: JVNDB-2022-000004 // CNNVD: CNNVD-202201-1053

EXTERNAL IDS

db:	NVD	id:	CVE-2022-0184	Trust: 2.5
db:	JVN	id:	JVN81479705	Trust: 2.4
db:	JVNDB	id:	JVNDB-2022-000004	Trust: 1.4
db:	CS-HELP	id:	SB2022011302	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1053	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-000004 // CNNVD: CNNVD-202201-1053 // NVD: CVE-2022-0184

REFERENCES

url:	https://www.kingjim.co.jp/download/security/#sr01	Trust: 1.6
url:	https://jvn.jp/en/jp/jvn81479705/index.html	Trust: 1.6
url:	https://jvn.jp/jp/jvn81479705/index.html	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022011302	Trust: 0.6
url:	https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000004.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0184	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-000004 // CNNVD: CNNVD-202201-1053 // NVD: CVE-2022-0184

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-000004
db:	CNNVD	id:	CNNVD-202201-1053
db:	NVD	id:	CVE-2022-0184

LAST UPDATE DATE

2025-01-30T21:27:28.892000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-000004	date:	2022-01-13T05:05:00
db:	CNNVD	id:	CNNVD-202201-1053	date:	2022-02-28T00:00:00
db:	NVD	id:	CVE-2022-0184	date:	2024-11-21T06:38:05.647

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-000004	date:	2022-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202201-1053	date:	2022-01-13T00:00:00
db:	NVD	id:	CVE-2022-0184	date:	2022-01-17T10:15:08.247