CVE-2022-22986 An attacker on the network can run OS commands on the OG410X/OG810X with older firmware versions.

An attacker can use this vulnerability to install malware on the device. Netcommunity OG410X and OG810X series (Netcommunity OG410Xa and OG810Xa, OG410Xi and OG810Xi, OG810Xa and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. An attacker can use this vulnerability to install malware on the device. CVE-2018-8299 In Acer Liquid Jade Primo and Jade Primo, all versions of Acer Liquid E3 and E3 Plus, Acer Liquid Jade and Jade Plus, all versions of Acer Liquid Jade Green and Jade Green Plus, Acer Liquid Jade Spark and Jade Spark, Acer Liquid Jade X and Jade X, Acer Liquid Z150 and Z150 Plus, all versions of Acer Liquid Jade Helio and Helio Spark, and Acer Liquid Jade Primo and Jade Primo, all versions of Acer Liquid M140 and M140 Plus, Acer Liquid Jade X and Jade X, Acer Liquid Jade Spark and Jade Spark, Acer Liquid Jade Primo and Jade Primo, all versions of Acer Liquid M320 and M320 Plus, Acer Liquid Jade Spark and Jade Spark, Acer Liquid Jade Primo and Jade Primo, all versions of Acer Liquid Z330 and Z330 Plus, Acer Liquid Jade Helio and Helio Spark, Acer Liquid Jade Spark and Jade Spark, Acer Liquid Jade Spark and Jade Spark, Acer

Operation Scenario

When an attacker sends a crafted config file to the device, the device executes an OS command on another device on the same network.
Acer has released firmware version 2.28 and earlier to address this vulnerability. The following patch is available for download at https://www.acer.com/Download/DownloadIndex?family=Netcommunity&model=OG410Xa&ver=2.28

How to check if your device is vulnerable to Acer Liquid Jade Spark WIFI attack

To check if your device is vulnerable to an Acer Liquid Jade Spark attack, follow these steps:
1. Open the "System Update" app in your phone's menus.
2. Click "Backup / Restore".
3. Locate and open the "Restore from Backup" screen.
4. Look through the list of backup folders and find the one with a date before November 17, 2018 and search for "res_update" within it.
5. If you find a file called "res_update" then your device is not vulnerable to this attack and you can continue with other steps on this article as normal.

Overview

An attacker can use this vulnerability to install malware on the device. Netcommunity OG410X and OG810X series (Netcommunity OG410Xa and OG810Xa, OG410Xi and OG810Xi, OG810Xa and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. An attacker can use this vulnerability to install malware on the device.

Timeline

Published on: 03/31/2022 08:15:00 UTC
Last modified on: 04/08/2022 13:23:00 UTC

References

• https://jvn.jp/en/vu/JVNVU94900322/index.html
• https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html
• https://business.ntt-east.co.jp/topics/2022/03_22.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22986