JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets. (CWE-119)

Impact

By receiving a specially crafted TCP packet, a session established using PPPAC may be disconnected or stop accepting connections.

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Apply a workaround
According to the developer, updated firmware for SEIL/Turbo and SEIL/neu 2FE Plus are still being developed.
If using either of these products, apply the appropriate workarounds according to the information provided by the developer.

Products Affected

• SEIL/x86 1.00 to 3.10
• SEIL/X1 1.00 to 4.50
• SEIL/X2 1.00 to 4.50
• SEIL/B1 1.00 to 4.50
• SEIL/Turbo 1.80 to 2.17
• SEIL/neu 2FE Plus 1.80 to 2.17