Search criteria
9 vulnerabilities by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
CVE-2024-47044 (GCVE-0-2024-47044)
Vulnerability from cvelistv5 – Published: 2024-09-26 08:34 – Updated: 2024-10-17 01:33
VLAI?
Summary
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
Severity ?
5.3 (Medium)
CWE
- CWE-451 - User interface (UI) misrepresentation of critical information
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router RT-400MI |
Affected:
Ver.09.00.0015 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rv-440mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rv-440mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "09.00.0015",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rs-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-500mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-500mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "08.00.0004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-600mi_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rx-600mi_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rx-600mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "01.00.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:32:49.475278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:42:16.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hikari Denwa router RT-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router PR-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router RV-440MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.08.00.0004 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-600MI/RX-600MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.01.00.0008 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product\u0027s Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User interface (UI) misrepresentation of critical information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T01:33:49.083Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web116.jp/ced/support/news/contents/2024/20240930.html"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rt_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/pr_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rv_440mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/500mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/600mi/"
},
{
"url": "https://jvn.jp/en/jp/JVN78356367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47044",
"datePublished": "2024-09-26T08:34:30.347Z",
"dateReserved": "2024-09-17T04:53:47.412Z",
"dateUpdated": "2024-10-17T01:33:49.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47045 (GCVE-0-2024-47045)
Vulnerability from cvelistv5 – Published: 2024-09-26 03:33 – Updated: 2024-09-26 14:45
VLAI?
Summary
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.
Severity ?
7.8 (High)
CWE
- CWE-268 - Privilege chaining
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| National Tax Agency | The installer of e-Tax software(common program) |
Affected:
All versions distributed on the NTA website before 2024 September 24
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:e-tax.nta:e-tax:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-tax",
"vendor": "e-tax.nta",
"versions": [
{
"lessThan": "3.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:42:00.395236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:45:34.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "The installer of e-Tax software(common program)",
"vendor": "National Tax Agency",
"versions": [
{
"status": "affected",
"version": "All versions distributed on the NTA website before 2024 September 24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T06:22:26.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN57749899/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47045",
"datePublished": "2024-09-26T03:33:48.931Z",
"dateReserved": "2024-09-17T05:33:19.502Z",
"dateUpdated": "2024-09-26T14:45:34.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0665 (GCVE-0-2018-0665)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Severity ?
No CVSS data available.
CWE
- Script Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0665",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0666 (GCVE-0-2018-0666)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
Severity ?
No CVSS data available.
CWE
- Script Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0666",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0563 (GCVE-0-2018-0563)
Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
VLAI?
Summary
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/customer/next/sec/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"name": "https://flets.com/customer/tec/fvc/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0563",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0515 (GCVE-0-2018-0515)
Vulnerability from cvelistv5 – Published: 2018-02-16 17:00 – Updated: 2024-08-05 03:28
VLAI?
Summary
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | "FLET'S Azukeru Backup Tool" |
Affected:
version 1.5.2.6 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"FLET\u0027S Azukeru Backup Tool\"",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "version 1.5.2.6 and earlier"
}
]
}
],
"datePublic": "2018-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T16:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"FLET\u0027S Azukeru Backup Tool\"",
"version": {
"version_data": [
{
"version_value": "version 1.5.2.6 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/azukeru/login/news/info_180213.html",
"refsource": "MISC",
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0515",
"datePublished": "2018-02-16T17:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:10.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0507 (GCVE-0-2018-0507)
Vulnerability from cvelistv5 – Published: 2018-01-26 16:00 – Updated: 2024-08-05 03:28
VLAI?
Summary
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | FLET'S VIRUS CLEAR Easy Setup & Application Tool |
Affected:
ver.11 and earlier versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
},
{
"product": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
},
{
"product_name": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26255241",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0507",
"datePublished": "2018-01-26T16:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:10.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10874 (GCVE-0-2017-10874)
Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.
Severity ?
No CVSS data available.
CWE
- Use of Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | PWR-Q200 |
Affected:
all firmware versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PWR-Q200",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2017-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PWR-Q200",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10874",
"datePublished": "2017-12-01T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10829 (GCVE-0-2017-10829)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
},
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10829",
"datePublished": "2017-09-01T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}