Multiple Yamaha routers vulnerable to cross-site request forgery


The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery.

Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers.
The web interface is vulnerable to cross-site request forgery.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

Yamaha Corporation
  • NetVolante Series RT58i
  • NetVolante Series RT57i
  • NetVolante Series RT56v
  • NetVolante Series RTA55i
  • NetVolante Series RTA54i
  • NetVolante Series RTA52i
  • NetVolante Series RTA50i
  • NetVolante Series RT60w
  • NetVolante Series RTW65i
  • NetVolante Series RTW65b
  • NetVolante Series RT80i
  • RT Series RT107e
  • RTV Series RTV700
  • RTV Series RTV01
  • RTX Series RTX1100
  • RTX Series RTX1500
  • RTX Series RTX1000
  • SRT Series SRT100
NEC Corporation
  • IP38X SERIES 58i
  • IP38X SERIES 57i
  • IP38X SERIES 55i
  • IP38X SERIES 1500
  • IP38X SERIES 1100
  • IP38X SERIES 1000
  • IP38X SERIES V700
  • IP38X SERIES 107e
  • IP38X SERIES SR100


If the administrator views a malicious website while logged onto the web interface, the password and other configuration settings can be modified.

[Update the Software]
Apply the latest firmware provided by the vendors.

[Change settings of the router]
Change settings of the router so that no configuration settings can be modified through a web browser.

For more information, refer to the vendors' websites.
Vendor Information

Yamaha Corporation NEC Corporation
  • NEC Security Information : NV08-001 (Japanese)
CWE (What is CWE?)

  1. Cross-Site Request Forgery(CWE-352) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-0524

  1. JVN : JVN#88575577
  2. National Vulnerability Database (NVD) : CVE-2008-0524
  3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple YAMAHA Routers
  4. Secunia Advisory : SA28690
  5. SecurityFocus : 27491
  6. ISS X-Force Database : 40015
Revision History

  • [2008/05/21]
      Web page published