var-201901-0720
Vulnerability from variot
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. Yamaha Broadband VoIP Router RT57i and so on are all Yamaha Corporation router products. A security vulnerability exists in the management interface in several Yamaha products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0720", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nvr500", scope: "lte", trust: 1, vendor: "yamaha", version: "rev.11.00.36", }, { model: "rt58i", scope: "lte", trust: 1, vendor: "yamaha", version: "rev.9.01.51", }, { model: "rtx810", scope: "lte", trust: 1, vendor: "yamaha", version: "rev.11.01.31", }, { model: "rt57i", scope: "lte", trust: 1, vendor: "yamaha", version: "rev.8.00.95", }, { model: "fwx120", scope: "lte", trust: 0.8, vendor: "yamaha", version: "firewall rev.11.03.25", }, { model: "nvr500", scope: "lte", trust: 0.8, vendor: "yamaha", version: "broadband voip router rev.11.00.36", }, { model: "rt57i", scope: "lte", trust: 0.8, vendor: "yamaha", version: "broadband voip router rev.8.00.95", }, { model: "rt58i", scope: "lte", trust: 0.8, vendor: "yamaha", version: "broadband voip router rev.9.01.51", }, { model: "rtx810", scope: "lte", trust: 0.8, vendor: "yamaha", version: "gigabit vpn router rev.11.01.31", }, { model: "firewall fwx120 <=rev.11.03.25", scope: null, trust: 0.6, vendor: "yamaha", version: null, }, { model: "broadband voip router rt57i <=rev.8.00.95", scope: null, trust: 0.6, vendor: "yamaha", version: null, }, { model: "broadband voip router rt58i <=rev.9.01.51", scope: null, trust: 0.6, vendor: "yamaha", version: null, }, { model: "broadband voip router nvr500 <=rev.11.00.36", scope: null, trust: 0.6, vendor: "yamaha", version: null, }, { model: "gigabit vpn router rtx810 <=rev.11.01.33", scope: null, trust: 0.6, vendor: "yamaha", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "rev.8.00.95", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:yamaha:rt57i:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "rev.9.01.51", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:yamaha:rt58i:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "rev.11.00.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:yamaha:nvr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "rev.11.01.31", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-0666", }, ], }, cve: "CVE-2018-0666", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "IPA", availabilityImpact: "None", baseScore: 2.7, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-000093", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.7, confidentialityImpact: "NONE", exploitabilityScore: 5.1, id: "CNVD-2018-16849", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "VHN-118868", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:A/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "IPA", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2018-000093", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-0666", trust: 1, value: "MEDIUM", }, { author: "IPA", id: "JVNDB-2018-000093", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2018-16849", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201809-341", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-118868", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, { db: "CNNVD", id: "CNNVD-201809-341", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. Yamaha Broadband VoIP Router RT57i and so on are all Yamaha Corporation router products. A security vulnerability exists in the management interface in several Yamaha products", sources: [ { db: "NVD", id: "CVE-2018-0666", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "JVN", id: "JVN69967692", trust: 3.1, }, { db: "NVD", id: "CVE-2018-0666", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-000093", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201809-341", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-16849", trust: 0.6, }, { db: "VULHUB", id: "VHN-118868", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, { db: "CNNVD", id: "CNNVD-201809-341", }, ], }, id: "VAR-201901-0720", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, ], trust: 1.6104166666666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, ], }, last_update_date: "2023-12-18T13:08:13.479000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Yamaha Corporation website", trust: 0.8, url: "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html", }, { title: "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website", trust: 0.8, url: "https://web116.jp/ced/support/news/contents/2018/20180829b.html", }, { title: "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website", trust: 0.8, url: "https://flets-w.com/solution/kiki_info/info/180829.html", }, { title: "Patches for Script Injection Vulnerability (CNVD-2018-16849) for Yamaha Corporation's Multiple Products", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/138963", }, { title: "Multiple Yamaha Corporation Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84655", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "CNNVD", id: "CNNVD-201809-341", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-79", trust: 0.8, }, { problemtype: "CWE-74", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-118868", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://jvn.jp/en/jp/jvn69967692/index.html", }, { trust: 1.7, url: "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html", }, { trust: 1.7, url: "https://flets-w.com/solution/kiki_info/info/180829.html", }, { trust: 1.7, url: "https://web116.jp/ced/support/news/contents/2018/20180829b.html", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-0665", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-0666", }, { trust: 0.6, url: "https://jvn.jp/en/jp/jvn69967692/", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, { db: "CNNVD", id: "CNNVD-201809-341", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-16849", }, { db: "VULHUB", id: "VHN-118868", }, { db: "JVNDB", id: "JVNDB-2018-000093", }, { db: "NVD", id: "CVE-2018-0666", }, { db: "CNNVD", id: "CNNVD-201809-341", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-30T00:00:00", db: "CNVD", id: "CNVD-2018-16849", }, { date: "2019-01-09T00:00:00", db: "VULHUB", id: "VHN-118868", }, { date: "2018-08-29T00:00:00", db: "JVNDB", id: "JVNDB-2018-000093", }, { date: "2019-01-09T23:29:01.467000", db: "NVD", id: "CVE-2018-0666", }, { date: "2018-09-10T00:00:00", db: "CNNVD", id: "CNNVD-201809-341", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-30T00:00:00", db: "CNVD", id: "CNVD-2018-16849", }, { date: "2020-08-24T00:00:00", db: "VULHUB", id: "VHN-118868", }, { date: "2019-08-27T00:00:00", db: "JVNDB", id: "JVNDB-2018-000093", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2018-0666", }, { date: "2020-10-22T00:00:00", db: "CNNVD", id: "CNNVD-201809-341", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201809-341", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple script injection vulnerabilities in multiple Yamaha network devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-000093", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-201809-341", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.