|
[Japanese]
|
JVNDB-2016-000105
|
Multiple Hikari Denwa routers vulnerable to OS command injection
|
|
Multiple Hikari Denwa routers contain an OS command injection vulnerability (CWE-78).
Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 5.2 (Medium) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
- PR-400MI firmware Ver. 07.00.1005 and earlier
- RT-400MI firmware Ver. 07.00.1005 and earlier
- RV-440MI firmware Ver. 07.00.1005 and earlier
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
- PR-400MI firmware Ver. 07.00.1006 and earlier
- RT-400MI firmware Ver. 07.00.1006 and earlier
- RV-440MI firmware Ver. 07.00.1006 and earlier
|
|
|
An arbitrary OS command may be executed on the product by a logged-in attacker.
|
|
[Update the Firmware]
Apply the appropriate firmware update provided by the developer.
|
|
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
|
|
- OS Command Injection(CWE-78) [IPA Evaluation]
|
|
- CVE-2016-1227
|
|
- JVN : JVN#77403442
- National Vulnerability Database (NVD) : CVE-2016-1227
|
|
- [2016/06/27]
Web page was published
[2016/08/03]
References : Content was added
|
