[Japanese]

JVNDB-2015-000172

Multiple routers contain issue in preventing clickjacking attacks

Overview

Multiple router products contain an issue in the protection against clickjacking attacks.

Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Multiple products are affected.

For more information on vulnerable products, please refer to the "Vendor Status" section.

(Multiple Venders)
  • (Multiple Products)

Impact

If a user views a malicious page while logged in, unintended operations may be conducted.
Solution

[Apply a solution]
Solutions vary depending on the product.
Apply the appropriate solution according to the information provided by the developer.
Vendor Information

Allied Telesis PLANEX COMMUNICATIONS INC. Yamaha Corporation I-O DATA DEVICE, INC. THE FURUKAWA ELECTRIC CO., LTD. NEC Corporation
  • NEC Security Information : NV15-019 (in Japanese)
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN : JVN#48135658
Revision History

  • [2015/10/30]
      Web page was published
    [2015/11/04]
      Vendor Information : Content was added
    [2015/11/12]
      Vendor Information : Content was added
    [2015/12/25]
      Vendor Information : Content was added
    [2016/02/12]
      Vendor Information : Content was added