JVN#55217369: Rakuten WiFi Pocket vulnerable to improper authentication

Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router.
Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability (CWE-287).

Impact

An attacker who can access the product may log in to the product’s Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.

Solution

Stop using the product and Switch to alternative products
The developer states that the affected product is no longer supported, and recommends to use alternative products.
For more information, refer to the information provided by the developer.

Products Affected

• Rakuten WiFi Pocket all versions
  Note that Rakuten WiFi Pocket 2B and Rakuten WiFi Pocket 2C are not affected by this vulnerability.