[Japanese]
|
JVNDB-2011-000024
|
Multiple Yamaha routers vulnerable to denial-of-service (DoS)
|
Multiple routers provided by Yamaha contain a denial-of-service vulnerability.
Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 7.8 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
Comment
IP packets that contain invalid values in the IP option header are mostly discarded by the router, therefore an attack through the internet being successful is highly unlikely.
|
A wide range of products are affected. For more information, refer to the developer's website.
|
Yamaha Corporation
- RT Series
- RTA Series
- RTV Series
- RTW Series
- RTX Series
- SRT Series
NEC Corporation
|
|
A remote attacker may cause a denial-of-service (DoS).
|
[Update the firmware]
Update to the latest version of firmware according to the information provided by the developer.
According to the developer, firmware addressing this vulnerability will be released successively.
[Apply a workaround]
If updated firmware cannot be obtained, the following workaround may mitigate the affects of this vulnerability.
Utilize packet filtering to prevent accepting malicious IP packets
According to the developer, firmware updates for certain models will not be released.
|
Yamaha Corporation
NEC Corporation
- NEC Security Information : NV11-004 (Japanese)
|
- Numeric Errors(CWE-189) [IPA Evaluation]
|
- CVE-2011-1323
|
- JVN : JVN#55714408
- National Vulnerability Database (NVD) : CVE-2011-1323
- IPA SECURITY ALERTS : Security Alert for Vulnerability in Yamaha Routers
|
- [2011/05/11]
Web page published
[2011/05/31]
CVSS Severity section updated
|