cvelistv5 - CVE-2018-0665

CVE-2018-0665 (GCVE-0-2018-0665)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35

Summary

Severity ?

No CVSS data available.

CWE

Script Injection

Assigner

jpcert

References

URL

Tags

	https://flets-w.com/solution/kiki_info/info/180829.html	x_refsource_MISC
	https://jvn.jp/en/jp/JVN69967692/index.html	third-party-advisoryx_refsource_JVN
	https://web116.jp/ced/support/news/contents/2018/…	x_refsource_MISC
	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Yamaha Corporation

Yamaha Broadband VoIP Router RT57i

Affected: Rev.8.00.95 and earlier

Yamaha Corporation	Yamaha Broadband VoIP Router RT58i	Affected: Rev.9.01.51 and earlier
Yamaha Corporation	Yamaha Broadband VoIP Router NVR500	Affected: Rev.11.00.36 and earlier
Yamaha Corporation	Yamaha Gigabit VPN Router RTX810	Affected: Rev.11.01.31 and earlier
Yamaha Corporation	Yamaha Firewall FWX120	Affected: Rev.11.03.25 and earlier
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION	Biz Box Router N58i, N500, NVR500, and RTX810	Affected: n/a
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION	Biz Box Router N58i, and N500	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
          },
          {
            "name": "JVN#69967692",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Yamaha Broadband VoIP Router RT57i",
          "vendor": "Yamaha Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Rev.8.00.95 and earlier"
            }
          ]
        },
        {
          "product": "Yamaha Broadband VoIP Router RT58i",
          "vendor": "Yamaha Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Rev.9.01.51 and earlier"
            }
          ]
        },
        {
          "product": "Yamaha Broadband VoIP Router NVR500",
          "vendor": "Yamaha Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Rev.11.00.36 and earlier"
            }
          ]
        },
        {
          "product": "Yamaha Gigabit VPN Router RTX810",
          "vendor": "Yamaha Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Rev.11.01.31 and earlier"
            }
          ]
        },
        {
          "product": "Yamaha Firewall FWX120",
          "vendor": "Yamaha Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Rev.11.03.25 and earlier"
            }
          ]
        },
        {
          "product": "Biz Box Router N58i, N500, NVR500, and RTX810",
          "vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "product": "Biz Box Router N58i, and N500",
          "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Script Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
        },
        {
          "name": "JVN#69967692",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Yamaha Broadband VoIP Router RT57i",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rev.8.00.95 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Yamaha Broadband VoIP Router RT58i",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rev.9.01.51 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Yamaha Broadband VoIP Router NVR500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rev.11.00.36 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Yamaha Gigabit VPN Router RTX810",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rev.11.01.31 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Yamaha Firewall FWX120",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rev.11.03.25 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Yamaha Corporation"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Biz Box Router N58i, and N500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Script Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
              "refsource": "MISC",
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "JVN#69967692",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
              "refsource": "MISC",
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
              "refsource": "MISC",
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0665",
    "datePublished": "2019-01-09T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"rev.8.00.95\", \"matchCriteriaId\": \"D246BC50-0FEC-4532-9756-F0C48AC0D4C0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E6F18D-A256-414A-A1C2-953281EAE5AA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"rev.9.01.51\", \"matchCriteriaId\": \"81DC976D-064C-484A-AA9F-BE63114889DE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E426B4DC-07A8-48FD-99D0-69C4EB9445C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"rev.11.00.36\", \"matchCriteriaId\": \"71EC5439-279E-406F-89BD-D5A805C2FB3C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A2BF515-DCF0-4EBB-AB33-2BEB8B926453\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"rev.11.01.31\", \"matchCriteriaId\": \"E3ABD3B3-5C3E-49DE-85CD-F7EB8DAF8830\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32B7EF2A-748F-4EDE-82DD-B6D135097147\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666.\"}, {\"lang\": \"es\", \"value\": \"Yamaha routers RT57i Rev.8.00.95 y anteriores, RT58i Rev.9.01.51 y anteriores, NVR500 Rev.11.00.36 y anteriores y RTX810 Rev.11.01.31 y anteriores, permiten a un usuario autenticado embeber scripts arbitrarios en los datos de configuraci\\u00f3n mediante un determinado campo de un formulario de la p\\u00e1gina de configuraci\\u00f3n, los cuales  podr\\u00edan ejecutarse en otro navegador del usuario de administrador. Esta vulnerabilidad es diferente de CVE-2018-0666.\"}]",
      "id": "CVE-2018-0665",
      "lastModified": "2024-11-21T03:38:41.873",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 5.2, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 5.1, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-01-09T23:29:01.373",
      "references": "[{\"url\": \"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://flets-w.com/solution/kiki_info/info/180829.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN69967692/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web116.jp/ced/support/news/contents/2018/20180829b.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://flets-w.com/solution/kiki_info/info/180829.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN69967692/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web116.jp/ced/support/news/contents/2018/20180829b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0665\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-01-09T23:29:01.373\",\"lastModified\":\"2024-11-21T03:38:41.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666.\"},{\"lang\":\"es\",\"value\":\"Yamaha routers RT57i Rev.8.00.95 y anteriores, RT58i Rev.9.01.51 y anteriores, NVR500 Rev.11.00.36 y anteriores y RTX810 Rev.11.01.31 y anteriores, permiten a un usuario autenticado embeber scripts arbitrarios en los datos de configuraci\u00f3n mediante un determinado campo de un formulario de la p\u00e1gina de configuraci\u00f3n, los cuales  podr\u00edan ejecutarse en otro navegador del usuario de administrador. Esta vulnerabilidad es diferente de CVE-2018-0666.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":5.2,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"rev.8.00.95\",\"matchCriteriaId\":\"D246BC50-0FEC-4532-9756-F0C48AC0D4C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E6F18D-A256-414A-A1C2-953281EAE5AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"rev.9.01.51\",\"matchCriteriaId\":\"81DC976D-064C-484A-AA9F-BE63114889DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E426B4DC-07A8-48FD-99D0-69C4EB9445C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"rev.11.00.36\",\"matchCriteriaId\":\"71EC5439-279E-406F-89BD-D5A805C2FB3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A2BF515-DCF0-4EBB-AB33-2BEB8B926453\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"rev.11.01.31\",\"matchCriteriaId\":\"E3ABD3B3-5C3E-49DE-85CD-F7EB8DAF8830\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B7EF2A-748F-4EDE-82DD-B6D135097147\"}]}]}],\"references\":[{\"url\":\"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://flets-w.com/solution/kiki_info/info/180829.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN69967692/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web116.jp/ced/support/news/contents/2018/20180829b.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://flets-w.com/solution/kiki_info/info/180829.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN69967692/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web116.jp/ced/support/news/contents/2018/20180829b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

VAR-201901-0719

Vulnerability from variot - Updated: 2023-12-18 13:08

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0719",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nvr500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yamaha",
        "version": "rev.11.00.36"
      },
      {
        "model": "rt58i",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yamaha",
        "version": "rev.9.01.51"
      },
      {
        "model": "rtx810",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yamaha",
        "version": "rev.11.01.31"
      },
      {
        "model": "rt57i",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yamaha",
        "version": "rev.8.00.95"
      },
      {
        "model": "fwx120",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yamaha",
        "version": "firewall rev.11.03.25"
      },
      {
        "model": "nvr500",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yamaha",
        "version": "broadband voip router rev.11.00.36"
      },
      {
        "model": "rt57i",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yamaha",
        "version": "broadband voip router rev.8.00.95"
      },
      {
        "model": "rt58i",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yamaha",
        "version": "broadband voip router rev.9.01.51"
      },
      {
        "model": "rtx810",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yamaha",
        "version": "gigabit vpn router rev.11.01.31"
      },
      {
        "model": "firewall fwx120 \u003c=rev.11.03.25",
        "scope": null,
        "trust": 0.6,
        "vendor": "yamaha",
        "version": null
      },
      {
        "model": "broadband voip router rt57i \u003c=rev.8.00.95",
        "scope": null,
        "trust": 0.6,
        "vendor": "yamaha",
        "version": null
      },
      {
        "model": "broadband voip router rt58i \u003c=rev.9.01.51",
        "scope": null,
        "trust": 0.6,
        "vendor": "yamaha",
        "version": null
      },
      {
        "model": "broadband voip router nvr500 \u003c=rev.11.00.36",
        "scope": null,
        "trust": 0.6,
        "vendor": "yamaha",
        "version": null
      },
      {
        "model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
        "scope": null,
        "trust": 0.6,
        "vendor": "yamaha",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.8.00.95",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.9.01.51",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.11.00.36",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.11.01.31",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      }
    ]
  },
  "cve": "CVE-2018-0665",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.7,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000093",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2018-16850",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "VHN-118867",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000093",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0665",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000093",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-16850",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-340",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118867",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN69967692",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "id": "VAR-201901-0719",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      }
    ],
    "trust": 1.6104166666666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:13.508000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Yamaha Corporation website",
        "trust": 0.8,
        "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
      },
      {
        "title": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website",
        "trust": 0.8,
        "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
      },
      {
        "title": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website",
        "trust": 0.8,
        "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
      },
      {
        "title": "YamahaCorporation multiple products have script injection vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/138965"
      },
      {
        "title": "Multiple Yamaha Corporation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84654"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-74",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn69967692/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
      },
      {
        "trust": 1.7,
        "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
      },
      {
        "trust": 1.7,
        "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0665"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0666"
      },
      {
        "trust": 0.6,
        "url": "https://jvn.jp/en/jp/jvn69967692/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "date": "2019-01-09T23:29:01.373000",
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16850"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118867"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2018-0665"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple script injection vulnerabilities in multiple Yamaha network devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000093"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-340"
      }
    ],
    "trust": 0.6
  }
}

GHSA-QJ49-XJV5-G9QJ

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0665"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666.",
  "id": "GHSA-qj49-xjv5-g9qj",
  "modified": "2022-05-13T01:18:24Z",
  "published": "2022-05-13T01:18:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0665"
    },
    {
      "type": "WEB",
      "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
    },
    {
      "type": "WEB",
      "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
    },
    {
      "type": "WEB",
      "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-16850

Vulnerability from cnvd - Published: 2018-08-30

Title

Yamaha Corporation多个产品存在脚本注入漏洞

Description

Yamaha Broadband VoIP Router RT57i等均是Yamaha Corporation公司路由器产品。 Yamaha Corporation多个产品存在脚本注入漏洞，在多个管理员管理受影响的设备的情况下，具有恶意意图的管理员可以将任意脚本嵌入到管理屏幕中。当另一个管理员登录屏幕时，可以执行嵌入式脚本。

Severity

低

Patch Name

Yamaha Corporation多个产品存在脚本注入漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html

Reference

https://jvn.jp/en/jp/JVN69967692/

Impacted products

Name
['Yamaha Corporation Yamaha Firewall FWX120 <=Rev.11.03.25', 'Yamaha Corporation Yamaha Broadband VoIP Router RT57i <=Rev.8.00.95', 'Yamaha Corporation Yamaha Broadband VoIP Router RT58i <=Rev.9.01.51', 'Yamaha Corporation Yamaha Broadband VoIP Router NVR500 <=Rev.11.00.36', 'Yamaha Corporation Yamaha Gigabit VPN Router RTX810 <=Rev.11.01.33']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0665"
    }
  },
  "description": "Yamaha Broadband VoIP Router RT57i\u7b49\u5747\u662fYamaha Corporation\u516c\u53f8\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nYamaha Corporation\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5728\u591a\u4e2a\u7ba1\u7406\u5458\u7ba1\u7406\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u7684\u60c5\u51b5\u4e0b\uff0c\u5177\u6709\u6076\u610f\u610f\u56fe\u7684\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u610f\u811a\u672c\u5d4c\u5165\u5230\u7ba1\u7406\u5c4f\u5e55\u4e2d\u3002\u5f53\u53e6\u4e00\u4e2a\u7ba1\u7406\u5458\u767b\u5f55\u5c4f\u5e55\u65f6\uff0c\u53ef\u4ee5\u6267\u884c\u5d4c\u5165\u5f0f\u811a\u672c\u3002",
  "discovererName": "Hayato Doi of Kanazawa Institute of Technology",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-16850",
  "openTime": "2018-08-30",
  "patchDescription": "Yamaha Broadband VoIP Router RT57i\u7b49\u5747\u662fYamaha Corporation\u516c\u53f8\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nYamaha Corporation\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5728\u591a\u4e2a\u7ba1\u7406\u5458\u7ba1\u7406\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u7684\u60c5\u51b5\u4e0b\uff0c\u5177\u6709\u6076\u610f\u610f\u56fe\u7684\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u610f\u811a\u672c\u5d4c\u5165\u5230\u7ba1\u7406\u5c4f\u5e55\u4e2d\u3002\u5f53\u53e6\u4e00\u4e2a\u7ba1\u7406\u5458\u767b\u5f55\u5c4f\u5e55\u65f6\uff0c\u53ef\u4ee5\u6267\u884c\u5d4c\u5165\u5f0f\u811a\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Yamaha Corporation\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Yamaha Corporation Yamaha Firewall FWX120 \u003c=Rev.11.03.25",
      "Yamaha Corporation Yamaha Broadband VoIP Router RT57i \u003c=Rev.8.00.95",
      "Yamaha Corporation Yamaha Broadband VoIP Router RT58i \u003c=Rev.9.01.51",
      "Yamaha Corporation Yamaha Broadband VoIP Router NVR500 \u003c=Rev.11.00.36",
      "Yamaha Corporation Yamaha Gigabit VPN Router RTX810 \u003c=Rev.11.01.33"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN69967692/",
  "serverity": "\u4f4e",
  "submitTime": "2018-08-30",
  "title": "Yamaha Corporation\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e"
}

JVNDB-2018-000093

Vulnerability from jvndb - Published: 2018-08-29 18:01 - Updated:2019-08-27 17:53

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

Multiple script injection vulnerabilities in multiple Yamaha network devices

Details

The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN69967692/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0665
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0666
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0665
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0666
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Yamaha Corporation	FWX120
	Yamaha Corporation	NVR500
	Yamaha Corporation	RT57i
	Yamaha Corporation	RT58i
	Yamaha Corporation	RTX810

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
  "dc:date": "2019-08-27T17:53+09:00",
  "dcterms:issued": "2018-08-29T18:01+09:00",
  "dcterms:modified": "2019-08-27T17:53+09:00",
  "description": "The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2018-0665\r\nHayato Doi of Kanazawa Institute of Technology\r\n\r\nCVE-2018-0666\r\nTomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:yamaha:fwx120_firmware",
      "@product": "FWX120",
      "@vendor": "Yamaha Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:yamaha:nvr500_firmware",
      "@product": "NVR500",
      "@vendor": "Yamaha Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:yamaha:rt57i_firmware",
      "@product": "RT57i",
      "@vendor": "Yamaha Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:yamaha:rt58i_firmware",
      "@product": "RT58i",
      "@vendor": "Yamaha Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:yamaha:rtx810_firmware",
      "@product": "RTX810",
      "@vendor": "Yamaha Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.7",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000093",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN69967692/index.html",
      "@id": "JVN#69967692",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0665",
      "@id": "CVE-2018-0665",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0666",
      "@id": "CVE-2018-0666",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0665",
      "@id": "CVE-2018-0665",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0666",
      "@id": "CVE-2018-0666",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple script injection vulnerabilities in multiple Yamaha network devices"
}

GSD-2018-0665

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0665

Aliases

CVE-2018-0665

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0665",
    "description": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666.",
    "id": "GSD-2018-0665"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0665"
      ],
      "details": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666.",
      "id": "GSD-2018-0665",
      "modified": "2023-12-13T01:22:24.218346Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0665",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Yamaha Broadband VoIP Router RT57i",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rev.8.00.95 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Yamaha Broadband VoIP Router RT58i",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rev.9.01.51 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Yamaha Broadband VoIP Router NVR500",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rev.11.00.36 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Yamaha Gigabit VPN Router RTX810",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rev.11.01.31 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Yamaha Firewall FWX120",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rev.11.03.25 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Yamaha Corporation"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Biz Box Router N58i, and N500",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Script Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
            "refsource": "MISC",
            "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
          },
          {
            "name": "JVN#69967692",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
          },
          {
            "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
            "refsource": "MISC",
            "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
          },
          {
            "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
            "refsource": "MISC",
            "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.8.00.95",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.9.01.51",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.11.00.36",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "rev.11.01.31",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0665"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "name": "JVN#69967692",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

FKIE_CVE-2018-0665

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:38

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html	Third Party Advisory
vultures@jpcert.or.jp	https://flets-w.com/solution/kiki_info/info/180829.html	Third Party Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN69967692/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://web116.jp/ced/support/news/contents/2018/20180829b.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://flets-w.com/solution/kiki_info/info/180829.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN69967692/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://web116.jp/ced/support/news/contents/2018/20180829b.html	Third Party Advisory

Impacted products

Vendor	Product	Version
yamaha	rt57i_firmware	*
yamaha	rt57i	-
yamaha	rt58i_firmware	*
yamaha	rt58i	-
yamaha	nvr500_firmware	*
yamaha	nvr500	-
yamaha	rtx810_firmware	*
yamaha	rtx810	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246BC50-0FEC-4532-9756-F0C48AC0D4C0",
              "versionEndIncluding": "rev.8.00.95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63E6F18D-A256-414A-A1C2-953281EAE5AA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81DC976D-064C-484A-AA9F-BE63114889DE",
              "versionEndIncluding": "rev.9.01.51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E426B4DC-07A8-48FD-99D0-69C4EB9445C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71EC5439-279E-406F-89BD-D5A805C2FB3C",
              "versionEndIncluding": "rev.11.00.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2BF515-DCF0-4EBB-AB33-2BEB8B926453",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3ABD3B3-5C3E-49DE-85CD-F7EB8DAF8830",
              "versionEndIncluding": "rev.11.01.31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B7EF2A-748F-4EDE-82DD-B6D135097147",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
    },
    {
      "lang": "es",
      "value": "Yamaha routers RT57i Rev.8.00.95 y anteriores, RT58i Rev.9.01.51 y anteriores, NVR500 Rev.11.00.36 y anteriores y RTX810 Rev.11.01.31 y anteriores, permiten a un usuario autenticado embeber scripts arbitrarios en los datos de configuraci\u00f3n mediante un determinado campo de un formulario de la p\u00e1gina de configuraci\u00f3n, los cuales  podr\u00edan ejecutarse en otro navegador del usuario de administrador. Esta vulnerabilidad es diferente de CVE-2018-0666."
    }
  ],
  "id": "CVE-2018-0665",
  "lastModified": "2024-11-21T03:38:41.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:01.373",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0665 (GCVE-0-2018-0665)

VAR-201901-0719

GHSA-QJ49-XJV5-G9QJ

CNVD-2018-16850

JVNDB-2018-000093

GSD-2018-0665

FKIE_CVE-2018-0665

Tags

Sightings

Nomenclature