Search criteria
9 vulnerabilities found for nvr510_firmware by yamaha
FKIE_CVE-2021-20844
Vulnerability from fkie_nvd - Published: 2021-11-24 16:15 - Updated: 2024-11-21 05:47
Severity ?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA148A58-912E-448A-97B4-056F2EFE30B0",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6",
"versionEndIncluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6679812C-0DC7-408E-8387-35BC4948063D",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742F40F8-41DC-4E31-8C98-A46015A984B6",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CADF05-D820-4923-90E8-C7A96DFCBA54",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFEFB4A-C552-4649-B59F-6FB10A79DA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4489C-5BAB-42DF-B5EA-7833527F4A24",
"versionEndExcluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221F5AFD-8DE5-44D0-8532-AE5895369759",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399DC40A-66AE-4B23-83BD-E7CBDD093415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60517A56-D41C-4931-BBA7-A1AA6058CCC1",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E8F0E-8006-4474-9700-3DCAC5A40278",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inapropiada de los encabezados de peticiones HTTP para la sintaxis de scripts en la interfaz gr\u00e1fica de usuario de la web de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores permite a un atacante remoto autenticado obtener informaci\u00f3n confidencial por medio de una p\u00e1gina web especialmente dise\u00f1ada"
}
],
"id": "CVE-2021-20844",
"lastModified": "2024-11-21T05:47:16.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T16:15:13.280",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20843
Vulnerability from fkie_nvd - Published: 2021-11-24 16:15 - Updated: 2024-11-21 05:47
Severity ?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA148A58-912E-448A-97B4-056F2EFE30B0",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6",
"versionEndIncluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6679812C-0DC7-408E-8387-35BC4948063D",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742F40F8-41DC-4E31-8C98-A46015A984B6",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CADF05-D820-4923-90E8-C7A96DFCBA54",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFEFB4A-C552-4649-B59F-6FB10A79DA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4489C-5BAB-42DF-B5EA-7833527F4A24",
"versionEndExcluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221F5AFD-8DE5-44D0-8532-AE5895369759",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399DC40A-66AE-4B23-83BD-E7CBDD093415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60517A56-D41C-4931-BBA7-A1AA6058CCC1",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E8F0E-8006-4474-9700-3DCAC5A40278",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de scripts en la interfaz gr\u00e1fica de usuario de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores, permite a un atacante remoto autenticado alterar la configuraci\u00f3n del producto por medio de una p\u00e1gina web especialmente dise\u00f1ada"
}
],
"id": "CVE-2021-20843",
"lastModified": "2024-11-21T05:47:15.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T16:15:13.230",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-5548
Vulnerability from fkie_nvd - Published: 2020-04-01 12:15 - Updated: 2024-11-21 05:34
Severity ?
Summary
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN38732359/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN38732359/index.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yamaha | rtx830_firmware | * | |
| yamaha | rtx830 | - | |
| yamaha | nvr510_firmware | * | |
| yamaha | nvr510 | - | |
| yamaha | nvr700w_firmware | * | |
| yamaha | nvr700w | - | |
| yamaha | rtx1210_firmware | * | |
| yamaha | rtx1210 | - | |
| yamaha | rtx5000_firmware | * | |
| yamaha | rtx5000 | - | |
| yamaha | rtx3500_firmware | * | |
| yamaha | rtx3500 | - | |
| yamaha | fwx120_firmware | * | |
| yamaha | fwx120 | - | |
| yamaha | rtx810_firmware | * | |
| yamaha | rtx810 | - | |
| yamaha | nvr500_firmware | * | |
| yamaha | nvr500 | - | |
| yamaha | rtx1200_firmware | * | |
| yamaha | rtx1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B414D4B-8464-42CB-BE14-8ABFA26F1FDA",
"versionEndIncluding": "15.02.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71966C3D-18F4-4101-8DCC-87208BBCF61B",
"versionEndIncluding": "15.01.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87C14E67-7BE0-4BF5-8B0D-02305F5B831C",
"versionEndIncluding": "15.00.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E11D8E2-E409-4D72-BEB0-49943D8EB1D5",
"versionEndIncluding": "14.01.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E337794-45D4-44B1-9B3B-363ED322CC6C",
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F68786-EBBA-4AB9-9E86-7806713B9117",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx3500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F26DDF-CDA6-48C3-B755-947940CF5D77",
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE1FDA5-0F68-4104-9304-319E5F427E69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:fwx120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E044DF7B-4118-4D02-9435-763A248DAC12",
"versionEndIncluding": "11.03.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:fwx120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBE3E44-1A97-4B6D-912C-609D8B45D105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBB1629-0E21-498B-BD5B-E03E711AC42A",
"versionEndIncluding": "11.01.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32B7EF2A-748F-4EDE-82DD-B6D135097147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03C1-7B13-42FE-B48B-FD12367D521B",
"versionEndIncluding": "11.00.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2BF515-DCF0-4EBB-AB33-2BEB8B926453",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BE58B3-5B65-4A37-8E8C-53ACF39941FD",
"versionEndIncluding": "10.01.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF07005-4053-4419-B9A7-F2591FF1F8F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "El Enrutador Yamaha LTE VoIP (NVR700W versiones de firmware Rev.15.00.15 y anteriores), el Enrutador Yamaha Gigabit VoIP (NVR510 versiones de firmware Rev.15.01.14 y anteriores), el Enrutador Yamaha Gigabit VPN (RTX810 versiones de firmware Rev.11.01.33 y anteriores, RTX830 versiones de firmware Rev .15.02.09 y anteriores, RTX1200 versiones de firmware Rev.10.01.76 y anteriores, RTX1210 versiones de firmware Rev.14.01.33 y anteriores, RTX3500 firmware Rev.14.00.26 y anteriores, y RTX5000 firmware Rev.14.00.26 y anteriores), el Enrutador Yamaha Broadband VoIP (NVR500 versiones de firmware Rev.11.00.38 y anteriores) y Yamaha Firewall (FWX120 versiones de firmware Rev.11.03.27 y anteriores), permiten a atacantes remotos causar una denegaci\u00f3n de servicio por medio de vectores no especificados."
}
],
"id": "CVE-2020-5548",
"lastModified": "2024-11-21T05:34:15.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T12:15:15.210",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-20844 (GCVE-0-2021-20844)
Vulnerability from cvelistv5 – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
VLAI?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Affected:
RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:45",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of HTTP Headers for Scripting Syntax"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20844",
"datePublished": "2021-11-24T08:25:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20843 (GCVE-0-2021-20843)
Vulnerability from cvelistv5 – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
Severity ?
No CVSS data available.
CWE
- Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Affected:
RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inclusion of Functionality from Untrusted Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20843",
"datePublished": "2021-11-24T08:25:44",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5548 (GCVE-0-2020-5548)
Vulnerability from cvelistv5 – Published: 2020-04-01 11:15 – Updated: 2024-08-04 08:30
VLAI?
Summary
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | Yamaha network devices |
Affected:
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha network devices",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T11:15:15",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha network devices",
"version": {
"version_data": [
{
"version_value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"name": "https://jvn.jp/en/jp/JVN38732359/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5548",
"datePublished": "2020-04-01T11:15:15",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20844 (GCVE-0-2021-20844)
Vulnerability from nvd – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
VLAI?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Affected:
RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:45",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of HTTP Headers for Scripting Syntax"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20844",
"datePublished": "2021-11-24T08:25:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20843 (GCVE-0-2021-20843)
Vulnerability from nvd – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
Severity ?
No CVSS data available.
CWE
- Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Affected:
RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inclusion of Functionality from Untrusted Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20843",
"datePublished": "2021-11-24T08:25:44",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5548 (GCVE-0-2020-5548)
Vulnerability from nvd – Published: 2020-04-01 11:15 – Updated: 2024-08-04 08:30
VLAI?
Summary
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | Yamaha network devices |
Affected:
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha network devices",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T11:15:15",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha network devices",
"version": {
"version_data": [
{
"version_value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"name": "https://jvn.jp/en/jp/JVN38732359/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5548",
"datePublished": "2020-04-01T11:15:15",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}