JVNDB-2011-000024

Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Multiple routers provided by Yamaha contain a denial-of-service vulnerability.

Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets.

Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

A wide range of products are affected. For more information, refer to the developer's website.

Yamaha Corporation

• RT Series
• RTA Series
• RTV Series
• RTW Series
• RTX Series
• SRT Series

NEC Corporation

• IP38X SERIES

A remote attacker may cause a denial-of-service (DoS).

[Update the firmware]
Update to the latest version of firmware according to the information provided by the developer.
According to the developer, firmware addressing this vulnerability will be released successively.

[Apply a workaround]
If updated firmware cannot be obtained, the following workaround may mitigate the affects of this vulnerability.

Utilize packet filtering to prevent accepting malicious IP packets


According to the developer, firmware updates for certain models will not be released.

Yamaha Corporation

• RT/FAQ : JVN55714408 (Japanese)

NEC Corporation

• NEC Security Information : NV11-004 (Japanese)

1. Numeric Errors(CWE-189) [IPA Evaluation]

1. CVE-2011-1323

1. JVN : JVN#55714408
2. National Vulnerability Database (NVD) : CVE-2011-1323
3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Yamaha Routers

• [2011/05/11]
    Web page published
  [2011/05/31]
    CVSS Severity section updated