var-201901-0719
Vulnerability from variot
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr500",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.00.36"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.11.01.31"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 1.0,
"vendor": "yamaha",
"version": "rev.8.00.95"
},
{
"model": "fwx120",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "firewall rev.11.03.25"
},
{
"model": "nvr500",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.11.00.36"
},
{
"model": "rt57i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.8.00.95"
},
{
"model": "rt58i",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "broadband voip router rev.9.01.51"
},
{
"model": "rtx810",
"scope": "lte",
"trust": 0.8,
"vendor": "yamaha",
"version": "gigabit vpn router rev.11.01.31"
},
{
"model": "firewall fwx120 \u003c=rev.11.03.25",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt57i \u003c=rev.8.00.95",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router rt58i \u003c=rev.9.01.51",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "broadband voip router nvr500 \u003c=rev.11.00.36",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
},
{
"model": "gigabit vpn router rtx810 \u003c=rev.11.01.33",
"scope": null,
"trust": 0.6,
"vendor": "yamaha",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.8.00.95",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.9.01.51",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.00.36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "rev.11.01.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"cve": "CVE-2018-0665",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-16850",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-118867",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000093",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0665",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000093",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16850",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-340",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN69967692",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0665",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16850",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118867",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"id": "VAR-201901-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
}
],
"trust": 1.6104166666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
}
]
},
"last_update_date": "2023-12-18T13:08:13.508000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yamaha Corporation website",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website",
"trust": 0.8,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"title": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website",
"trust": 0.8,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"title": "YamahaCorporation multiple products have script injection vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138965"
},
{
"title": "Multiple Yamaha Corporation Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84654"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-74",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn69967692/index.html"
},
{
"trust": 1.7,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html"
},
{
"trust": 1.7,
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"trust": 1.7,
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0665"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0666"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn69967692/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"db": "VULHUB",
"id": "VHN-118867"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118867"
},
{
"date": "2018-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2019-01-09T23:29:01.373000",
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16850"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-118867"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000093"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-0665"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple script injection vulnerabilities in multiple Yamaha network devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-340"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.