All the vulnerabilites related to yamaha - rtx1210
var-202004-1827
Vulnerability from variot
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. For multiple network devices provided by Yamaha Corporation, service operation interruption due to processing of received packets (DoS) (CWE-400) Vulnerability exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Keio University Faculty of Science and Engineering Department of Computer Science Amano Lab Niwa Naoya MrService operation obstruction by a remote third party (DoS) You may be attacked. Yamaha NVR500 and others are products of Yamaha Corporation of Japan. Yamaha NVR500 is an enterprise router. Yamaha RTX810 is a Gigabit VPN (Virtual Private Network) router. Yamaha FWX120 is a firewall product.
Denial of service vulnerabilities exist in many Yamaha products. A remote attacker can use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1827",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fwx120",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.03.27"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.01.33"
},
{
"model": "rtx1200",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "10.01.76"
},
{
"model": "rtx830",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.02.09"
},
{
"model": "nvr500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "11.00.38"
},
{
"model": "rtx1210",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.01.33"
},
{
"model": "rtx3500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.00.26"
},
{
"model": "nvr510",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.01.14"
},
{
"model": "rtx5000",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "14.00.26"
},
{
"model": "nvr700w",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "15.00.15"
},
{
"model": "fwx120",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.03.27"
},
{
"model": "nvr500",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.00.38"
},
{
"model": "nvr510",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.01.14"
},
{
"model": "nvr700w",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.00.15"
},
{
"model": "rtx1200",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.10.01.76"
},
{
"model": "rtx1210",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.01.33"
},
{
"model": "rtx3500",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.00.26"
},
{
"model": "rtx5000",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.14.00.26"
},
{
"model": "rtx810",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.11.01.33"
},
{
"model": "rtx830",
"scope": "eq",
"trust": 0.8,
"vendor": "yamaha",
"version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 rev.15.02.09"
},
{
"model": "lte voip router nvr700w \u003c=rev.15.00.15",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router nvr510 \u003c=rev.15.01.14",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx830 \u003c=rev.15.02.09",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx1200 \u003c=rev.10.01.76",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx1210 \u003c=rev.14.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx3500 \u003c=rev.14.00.26",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit voip router rtx5000 \u003c=rev.14.00.26",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router nvr500 \u003c=rev.11.00.38",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "firewall fwx120 \u003c=rev.11.03.27",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.02.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.01.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.00.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.01.33",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx3500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx3500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:fwx120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.03.27",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:fwx120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.01.33",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.00.38",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx1200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.01.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"cve": "CVE-2020-5548",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000021",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-21477",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5548",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000021",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-21477",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1751",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. For multiple network devices provided by Yamaha Corporation, service operation interruption due to processing of received packets (DoS) (CWE-400) Vulnerability exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Keio University Faculty of Science and Engineering Department of Computer Science Amano Lab Niwa Naoya MrService operation obstruction by a remote third party (DoS) You may be attacked. Yamaha NVR500 and others are products of Yamaha Corporation of Japan. Yamaha NVR500 is an enterprise router. Yamaha RTX810 is a Gigabit VPN (Virtual Private Network) router. Yamaha FWX120 is a firewall product. \n\r\n\r\nDenial of service vulnerabilities exist in many Yamaha products. A remote attacker can use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN38732359",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2020-5548",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-21477",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"id": "VAR-202004-1827",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
],
"trust": 1.5511363636363638
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
}
]
},
"last_update_date": "2023-12-18T12:56:03.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u300c\u30e4\u30de\u30cf\u88fd\u306e\u8907\u6570\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3 (DoS) \u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066 ",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn38732359.html"
},
{
"title": "Biz Box\u30eb\u30fc\u30bf\u3092\u3054\u5229\u7528\u306e\u304a\u5ba2\u3055\u307e\u3078",
"trust": 0.8,
"url": "https://flets-w.com/solution/kiki_info/info/200331.html"
},
{
"title": "BizBox\u30eb\u30fc\u30bf\u30fb\u30e4\u30de\u30cf\u30eb\u30fc\u30bf\u3092\u3054\u5229\u7528\u306e\u304a\u5ba2\u3055\u307e\u3078",
"trust": 0.8,
"url": "https://web116.jp/ced/support/news/contents/2020/20200331.html"
},
{
"title": "Patch for Multiple Yamaha product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/212643"
},
{
"title": "Multiple Yamaha Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn38732359.html"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn38732359/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5548"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn38732359/index.html"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn38732359/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5548"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"date": "2020-04-01T12:15:15.210000",
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21477"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000021"
},
{
"date": "2020-04-02T17:25:32.917000",
"db": "NVD",
"id": "CVE-2020-5548"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Interfering with service operations on multiple Yamaha network devices (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1751"
}
],
"trust": 0.6
}
}
var-201510-0774
Vulnerability from variot
Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests. Successful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple venders",
"version": null
},
{
"model": "srt100",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx810",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.1.21"
},
{
"model": "rtx1500",
"scope": null,
"trust": 0.3,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1210",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx1200",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "10.1.59"
},
{
"model": "rtv01",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt58i",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt107e",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "nvr500",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.0.25"
},
{
"model": "fwx120",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.3.8"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.3,
"vendor": "nec",
"version": "3.1"
},
{
"model": "rtx810",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.1.25"
},
{
"model": "rtx1200",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "10.1.65"
},
{
"model": "nvr500",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.0.28"
},
{
"model": "fwx120",
"scope": "ne",
"trust": 0.3,
"vendor": "yamaha",
"version": "11.3.13"
},
{
"model": "infocage",
"scope": "ne",
"trust": 0.3,
"vendor": "nec",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Noriaki Iwasaki of Cyber Defense Institute",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000172",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2015-000172",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests. \nSuccessful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
},
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN48135658",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172",
"trust": 0.8
},
{
"db": "BID",
"id": "77386",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"id": "VAR-201510-0774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4625
},
"last_update_date": "2022-05-17T02:02:28.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yamaha Corporation website",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn48135658.html"
},
{
"title": "vulnera_20151127",
"trust": 0.8,
"url": "http://www.furukawa.co.jp/fitelnet/topic/vulnera_20151127.html"
},
{
"title": "Information from Allied Telesis",
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn48135658/522154/index.html"
},
{
"title": "NV15-019",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-019.html"
},
{
"title": " PLANEX COMMUNICATIONS INC. website ",
"trust": 0.8,
"url": "http://www.planex.co.jp/news/info/20151030_info.shtml"
},
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/clickjacking/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://jvn.jp/en/jp/jvn48135658/index.html"
},
{
"trust": 0.3,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn48135658.html"
},
{
"trust": 0.3,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-019.html"
}
],
"sources": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "77386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "BID",
"id": "77386"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "BID",
"id": "77386"
},
{
"date": "2016-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple routers contain issue in preventing clickjacking attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000172"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "77386"
}
],
"trust": 0.3
}
}
cve-2020-5548
Vulnerability from cvelistv5
Published
2020-04-01 11:15
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN38732359/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yamaha Corporation | Yamaha network devices |
Version: Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha network devices",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T11:15:15",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha network devices",
"version": {
"version_data": [
{
"version_value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"name": "https://jvn.jp/en/jp/JVN38732359/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5548",
"datePublished": "2020-04-01T11:15:15",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20843
Vulnerability from cvelistv5
Published
2021-11-24 08:25
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | x_refsource_MISC | |
| https://business.ntt-east.co.jp/topics/2021/11_09.html | x_refsource_MISC | |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91161784/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Version: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inclusion of Functionality from Untrusted Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20843",
"datePublished": "2021-11-24T08:25:44",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20844
Vulnerability from cvelistv5
Published
2021-11-24 08:25
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | x_refsource_MISC | |
| https://business.ntt-east.co.jp/topics/2021/11_09.html | x_refsource_MISC | |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91161784/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Version: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RTX830, NVR510, NVR700W, RTX1210",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:25:45",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTX830, NVR510, NVR700W, RTX1210",
"version": {
"version_data": [
{
"version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of HTTP Headers for Scripting Syntax"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20844",
"datePublished": "2021-11-24T08:25:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-01 12:15
Modified
2024-11-21 05:34
Severity ?
Summary
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN38732359/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN38732359/index.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yamaha | rtx830_firmware | * | |
| yamaha | rtx830 | - | |
| yamaha | nvr510_firmware | * | |
| yamaha | nvr510 | - | |
| yamaha | nvr700w_firmware | * | |
| yamaha | nvr700w | - | |
| yamaha | rtx1210_firmware | * | |
| yamaha | rtx1210 | - | |
| yamaha | rtx5000_firmware | * | |
| yamaha | rtx5000 | - | |
| yamaha | rtx3500_firmware | * | |
| yamaha | rtx3500 | - | |
| yamaha | fwx120_firmware | * | |
| yamaha | fwx120 | - | |
| yamaha | rtx810_firmware | * | |
| yamaha | rtx810 | - | |
| yamaha | nvr500_firmware | * | |
| yamaha | nvr500 | - | |
| yamaha | rtx1200_firmware | * | |
| yamaha | rtx1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B414D4B-8464-42CB-BE14-8ABFA26F1FDA",
"versionEndIncluding": "15.02.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71966C3D-18F4-4101-8DCC-87208BBCF61B",
"versionEndIncluding": "15.01.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87C14E67-7BE0-4BF5-8B0D-02305F5B831C",
"versionEndIncluding": "15.00.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E11D8E2-E409-4D72-BEB0-49943D8EB1D5",
"versionEndIncluding": "14.01.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E337794-45D4-44B1-9B3B-363ED322CC6C",
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F68786-EBBA-4AB9-9E86-7806713B9117",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx3500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F26DDF-CDA6-48C3-B755-947940CF5D77",
"versionEndIncluding": "14.00.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE1FDA5-0F68-4104-9304-319E5F427E69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:fwx120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E044DF7B-4118-4D02-9435-763A248DAC12",
"versionEndIncluding": "11.03.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:fwx120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBE3E44-1A97-4B6D-912C-609D8B45D105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBB1629-0E21-498B-BD5B-E03E711AC42A",
"versionEndIncluding": "11.01.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32B7EF2A-748F-4EDE-82DD-B6D135097147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03C1-7B13-42FE-B48B-FD12367D521B",
"versionEndIncluding": "11.00.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2BF515-DCF0-4EBB-AB33-2BEB8B926453",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BE58B3-5B65-4A37-8E8C-53ACF39941FD",
"versionEndIncluding": "10.01.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF07005-4053-4419-B9A7-F2591FF1F8F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "El Enrutador Yamaha LTE VoIP (NVR700W versiones de firmware Rev.15.00.15 y anteriores), el Enrutador Yamaha Gigabit VoIP (NVR510 versiones de firmware Rev.15.01.14 y anteriores), el Enrutador Yamaha Gigabit VPN (RTX810 versiones de firmware Rev.11.01.33 y anteriores, RTX830 versiones de firmware Rev .15.02.09 y anteriores, RTX1200 versiones de firmware Rev.10.01.76 y anteriores, RTX1210 versiones de firmware Rev.14.01.33 y anteriores, RTX3500 firmware Rev.14.00.26 y anteriores, y RTX5000 firmware Rev.14.00.26 y anteriores), el Enrutador Yamaha Broadband VoIP (NVR500 versiones de firmware Rev.11.00.38 y anteriores) y Yamaha Firewall (FWX120 versiones de firmware Rev.11.03.27 y anteriores), permiten a atacantes remotos causar una denegaci\u00f3n de servicio por medio de vectores no especificados."
}
],
"id": "CVE-2020-5548",
"lastModified": "2024-11-21T05:34:15.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T12:15:15.210",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN38732359/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-24 16:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA148A58-912E-448A-97B4-056F2EFE30B0",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6",
"versionEndIncluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6679812C-0DC7-408E-8387-35BC4948063D",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742F40F8-41DC-4E31-8C98-A46015A984B6",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CADF05-D820-4923-90E8-C7A96DFCBA54",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFEFB4A-C552-4649-B59F-6FB10A79DA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4489C-5BAB-42DF-B5EA-7833527F4A24",
"versionEndExcluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221F5AFD-8DE5-44D0-8532-AE5895369759",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399DC40A-66AE-4B23-83BD-E7CBDD093415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60517A56-D41C-4931-BBA7-A1AA6058CCC1",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E8F0E-8006-4474-9700-3DCAC5A40278",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de scripts en la interfaz gr\u00e1fica de usuario de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores, permite a un atacante remoto autenticado alterar la configuraci\u00f3n del producto por medio de una p\u00e1gina web especialmente dise\u00f1ada"
}
],
"id": "CVE-2021-20843",
"lastModified": "2024-11-21T05:47:15.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T16:15:13.230",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-24 16:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA148A58-912E-448A-97B4-056F2EFE30B0",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6",
"versionEndIncluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6679812C-0DC7-408E-8387-35BC4948063D",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742F40F8-41DC-4E31-8C98-A46015A984B6",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CADF05-D820-4923-90E8-C7A96DFCBA54",
"versionEndIncluding": "15.02.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFEFB4A-C552-4649-B59F-6FB10A79DA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4489C-5BAB-42DF-B5EA-7833527F4A24",
"versionEndExcluding": "15.01.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221F5AFD-8DE5-44D0-8532-AE5895369759",
"versionEndIncluding": "15.00.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399DC40A-66AE-4B23-83BD-E7CBDD093415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60517A56-D41C-4931-BBA7-A1AA6058CCC1",
"versionEndIncluding": "14.01.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E8F0E-8006-4474-9700-3DCAC5A40278",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inapropiada de los encabezados de peticiones HTTP para la sintaxis de scripts en la interfaz gr\u00e1fica de usuario de la web de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores permite a un atacante remoto autenticado obtener informaci\u00f3n confidencial por medio de una p\u00e1gina web especialmente dise\u00f1ada"
}
],
"id": "CVE-2021-20844",
"lastModified": "2024-11-21T05:47:16.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T16:15:13.280",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}