Search criteria
4 vulnerabilities found for nvr500 by yamaha
VAR-201901-0719
Vulnerability from variot - Updated: 2023-12-18 13:08Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.00.36"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.01.31"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.8.00.95"
},
{
"model": "fwx120",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "firewall rev.11.03.25"
},
{
"model": "nvr500",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.11.00.36"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.8.00.95"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "gigabit vpn router rev.11.01.31"
},
{
"model": "firewall fwx120 \u003c=rev.11.03.25",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt57i \u003c=rev.8.00.95",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt58i \u003c=rev.9.01.51",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router nvr500 \u003c=rev.11.00.36",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.8.00.95",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.9.01.51",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.00.36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.01.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"cve": "CVE-2018-0665",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-16850",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-118867",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0665",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000093",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16850",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-340",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN69967692",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0665",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16850",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118867",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"id": "VAR-201901-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
}
],
"trust": 1.6104166666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
}
]
},
"last_update_date": "2023-12-18T13:08:13.508000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yamaha Corporation website",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website",
"trust": 0.8,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website",
"trust": 0.8,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"title": "YamahaCorporation multiple products have script injection vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138965"
},
{
"title": "Multiple Yamaha Corporation Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84654"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-74",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn69967692/index.html"
},
{
"trust": 1.7,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"trust": 1.7,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"trust": 1.7,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0666"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn69967692/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118867"
},
{
"date": "2018-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2019-01-09T23:29:01.373000",
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-118867"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple script injection vulnerabilities in multiple Yamaha network devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
],
"trust": 0.6
}
}
VAR-201901-0720
Vulnerability from variot - Updated: 2023-12-18 13:08Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. Yamaha Broadband VoIP Router RT57i and so on are all Yamaha Corporation router products. A security vulnerability exists in the management interface in several Yamaha products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0720",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.00.36"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.01.31"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.8.00.95"
},
{
"model": "fwx120",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "firewall rev.11.03.25"
},
{
"model": "nvr500",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.11.00.36"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.8.00.95"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "gigabit vpn router rev.11.01.31"
},
{
"model": "firewall fwx120 \u003c=rev.11.03.25",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt57i \u003c=rev.8.00.95",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt58i \u003c=rev.9.01.51",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router nvr500 \u003c=rev.11.00.36",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.8.00.95",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.9.01.51",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.00.36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.01.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0666"
}
]
},
"cve": "CVE-2018-0666",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-16849",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-118868",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0666",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000093",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16849",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-341",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118868",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. Yamaha Broadband VoIP Router RT57i and so on are all Yamaha Corporation router products. A security vulnerability exists in the management interface in several Yamaha products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN69967692",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0666",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16849",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118868",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"id": "VAR-201901-0720",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
}
],
"trust": 1.6104166666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
}
]
},
"last_update_date": "2023-12-18T13:08:13.479000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yamaha Corporation website",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website",
"trust": 0.8,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website",
"trust": 0.8,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"title": "Patches for Script Injection Vulnerability (CNVD-2018-16849) for Yamaha Corporation\u0027s Multiple Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138963"
},
{
"title": "Multiple Yamaha Corporation Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84655"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-74",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn69967692/index.html"
},
{
"trust": 1.7,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"trust": 1.7,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"trust": 1.7,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0666"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn69967692/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"db": "VULHUB",
"id": "VHN-118868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118868"
},
{
"date": "2018-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2019-01-09T23:29:01.467000",
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16849"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-118868"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-0666"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple script injection vulnerabilities in multiple Yamaha network devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-341"
}
],
"trust": 0.6
}
}
VAR-202004-1827
Vulnerability from variot - Updated: 2023-12-18 12:56Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. For multiple network devices provided by Yamaha Corporation, service operation interruption due to processing of received packets (DoS) (CWE-400) Vulnerability exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Keio University Faculty of Science and Engineering Department of Computer Science Amano Lab Niwa Naoya MrService operation obstruction by a remote third party (DoS) You may be attacked. Yamaha NVR500 and others are products of Yamaha Corporation of Japan. Yamaha NVR500 is an enterprise router. Yamaha RTX810 is a Gigabit VPN (Virtual Private Network) router. Yamaha FWX120 is a firewall product.
Denial of service vulnerabilities exist in many Yamaha products. A remote attacker can use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1827",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fwx120",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.03.27"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.01.33"
},
{
"model": "rtx1200",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "10.01.76"
},
{
"model": "rtx830",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.02.09"
},
{
"model": "nvr500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.00.38"
},
{
"model": "rtx1210",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.01.33"
},
{
"model": "rtx3500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.00.26"
},
{
"model": "nvr510",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.01.14"
},
{
"model": "rtx5000",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.00.26"
},
{
"model": "nvr700w",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.00.15"
},
{
"model": "fwx120",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.03.27"
},
{
"model": "nvr500",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.00.38"
},
{
"model": "nvr510",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.01.14"
},
{
"model": "nvr700w",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.00.15"
},
{
"model": "rtx1200",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.10.01.76"
},
{
"model": "rtx1210",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.01.33"
},
{
"model": "rtx3500",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.00.26"
},
{
"model": "rtx5000",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.00.26"
},
{
"model": "rtx810",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.01.33"
},
{
"model": "rtx830",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.02.09"
},
{
"model": "lte voip router nvr700w \u003c=rev.15.00.15",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router nvr510 \u003c=rev.15.01.14",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx830 \u003c=rev.15.02.09",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx1200 \u003c=rev.10.01.76",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx1210 \u003c=rev.14.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx3500 \u003c=rev.14.00.26",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx5000 \u003c=rev.14.00.26",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router nvr500 \u003c=rev.11.00.38",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "firewall fwx120 \u003c=rev.11.03.27",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.02.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.01.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.00.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.01.33",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx3500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx3500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:fwx120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.03.27",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:fwx120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.01.33",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.00.38",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx1200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.01.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"cve": "CVE-2020-5548",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000021",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-21477",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5548",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000021",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-21477",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1751",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. For multiple network devices provided by Yamaha Corporation, service operation interruption due to processing of received packets (DoS) (CWE-400) Vulnerability exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Keio University Faculty of Science and Engineering Department of Computer Science Amano Lab Niwa Naoya MrService operation obstruction by a remote third party (DoS) You may be attacked. Yamaha NVR500 and others are products of Yamaha Corporation of Japan. Yamaha NVR500 is an enterprise router. Yamaha RTX810 is a Gigabit VPN (Virtual Private Network) router. Yamaha FWX120 is a firewall product. \n\r\n\r\nDenial of service vulnerabilities exist in many Yamaha products. A remote attacker can use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN38732359",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2020-5548",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-21477",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"id": "VAR-202004-1827",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
],
"trust": 1.5511363636363638
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
]
},
"last_update_date": "2023-12-18T12:56:03.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u300c\u30e4\u30de\u30cf\u88fd\u306e\u8907\u6570\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3 (DoS) \u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066 ",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn38732359.html"
},
{
"title": "Biz Box\u30eb\u30fc\u30bf\u3092\u3054\u5229\u7528\u306e\u304a\u5ba2\u3055\u307e\u3078",
"trust": 0.8,
"url": "https://flets-w.com/solution/kiki_info/info/200331.html"
},
{
"title": "BizBox\u30eb\u30fc\u30bf\u30fb\u30e4\u30de\u30cf\u30eb\u30fc\u30bf\u3092\u3054\u5229\u7528\u306e\u304a\u5ba2\u3055\u307e\u3078",
"trust": 0.8,
"url": "https://web116.jp/ced/support/news/contents/2020/20200331.html"
},
{
"title": "Patch for Multiple Yamaha product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/212643"
},
{
"title": "Multiple Yamaha Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn38732359.html"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn38732359/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5548"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn38732359/index.html"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn38732359/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5548"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"date": "2020-04-01T12:15:15.210000",
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"date": "2020-04-02T17:25:32.917000",
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Interfering with service operations on multiple Yamaha network devices (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
],
"trust": 0.6
}
}
VAR-201510-0774
Vulnerability from variot - Updated: 2022-05-17 02:02Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests. Successful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple venders",
"version": null
},
{
"model": "srt100",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx810",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.1.21"
},
{
"model": "rtx1500",
"scope": null,
"trust": 0.3,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1210",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx1200",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "10.1.59"
},
{
"model": "rtv01",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt58i",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt107e",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "nvr500",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.0.25"
},
{
"model": "fwx120",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.3.8"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.3,
"vendor": "nec",
"version": "3.1"
},
{
"model": "rtx810",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.1.25"
},
{
"model": "rtx1200",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "10.1.65"
},
{
"model": "nvr500",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.0.28"
},
{
"model": "fwx120",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.3.13"
},
{
"model": "infocage",
"scope": "ne",
"trust": 0.3,
"vendor": "nec",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Noriaki Iwasaki of Cyber Defense Institute",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000172",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2015-000172",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests. \nSuccessful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
},
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN48135658",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172",
"trust": 0.8
},
{
"db": "BID",
"id": "77386",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"id": "VAR-201510-0774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4625
},
"last_update_date": "2022-05-17T02:02:28.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yamaha Corporation website",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn48135658.html"
},
{
"title": "vulnera_20151127",
"trust": 0.8,
"url": "http://www.furukawa.co.jp/fitelnet/topic/vulnera_20151127.html"
},
{
"title": "Information from Allied Telesis",
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn48135658/522154/index.html"
},
{
"title": "NV15-019",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-019.html"
},
{
"title": " PLANEX COMMUNICATIONS INC. website ",
"trust": 0.8,
"url": "http://www.planex.co.jp/news/info/20151030_info.shtml"
},
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/clickjacking/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://jvn.jp/en/jp/jvn48135658/index.html"
},
{
"trust": 0.3,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn48135658.html"
},
{
"trust": 0.3,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-019.html"
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "BID",
"id": "77386"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "BID",
"id": "77386"
},
{
"date": "2016-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple routers contain issue in preventing clickjacking attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
}
}