JVNDB-2018-000093

Multiple script injection vulnerabilities in multiple Yamaha network devices

Overview

The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).

The following researchers reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVE-2018-0665
Hayato Doi of Kanazawa Institute of Technology

CVE-2018-0666
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.

CVSS Severity

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.7 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
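
The base scores above can be reproduced from the listed metrics. The following Python is an added example, not part of the JVN advisory: it implements the CVSS v3 and v2 base equations with weights from the FIRST specifications, keyed by the metric values as this page spells them (function and variable names are the example's own).

```python
import math

# Metric weights from the FIRST CVSS v3 and v2 specifications, keyed by the
# metric values as this advisory spells them. PR is (Scope Unchanged, Changed).
V3 = {"AV": {"Network": 0.85, "Adjacent Network": 0.62, "Local": 0.55, "Physical": 0.20},
      "AC": {"Low": 0.77, "High": 0.44},
      "PR": {"None": (0.85, 0.85), "Low": (0.62, 0.68), "High": (0.27, 0.50)},
      "UI": {"None": 0.85, "Required": 0.62},
      "CIA": {"High": 0.56, "Low": 0.22, "None": 0.0}}
V2 = {"AV": {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0},
      "AC": {"High": 0.35, "Medium": 0.61, "Low": 0.71},
      "Au": {"Multiple Instances": 0.45, "Single Instance": 0.56, "None": 0.704},
      "CIA": {"None": 0.0, "Partial": 0.275, "Complete": 0.660}}

def roundup(x):
    """Round up to one decimal using the integer method from the v3.1 spec."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def cvss3_base(av, ac, pr, ui, scope, c, i, a):
    changed = scope == "Changed"
    w = V3["CIA"]
    iss = 1 - (1 - w[c]) * (1 - w[i]) * (1 - w[a])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    # The Privileges Required weight is higher when Scope is Changed.
    expl = 8.22 * V3["AV"][av] * V3["AC"][ac] * V3["PR"][pr][int(changed)] * V3["UI"][ui]
    total = 1.08 * (impact + expl) if changed else impact + expl
    return roundup(min(total, 10))

def cvss2_base(av, ac, au, c, i, a):
    w = V2["CIA"]
    impact = 10.41 * (1 - (1 - w[c]) * (1 - w[i]) * (1 - w[a]))
    expl = 20 * V2["AV"][av] * V2["AC"][ac] * V2["Au"][au]
    f = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * expl - 1.5) * f, 1)

# Metrics exactly as listed in this advisory.
ADVISORY_V3 = cvss3_base("Adjacent Network", "Low", "High", "Required", "Changed", "Low", "Low", "None")
ADVISORY_V2 = cvss2_base("Adjacent Network", "Low", "Single Instance", "None", "Partial", "None")

if __name__ == "__main__":
    print(f"CVSS v3 base: {ADVISORY_V3}  CVSS v2 base: {ADVISORY_V2}")
```
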

Affected Products

Yamaha Corporation
  • FWX120 Firewall Rev.11.03.25 and earlier
  • NVR500 Broadband VoIP Router Rev.11.00.36 and earlier
  • RT57i Broadband VoIP Router Rev.8.00.95 and earlier
  • RT58i Broadband VoIP Router Rev.9.01.51 and earlier
  • RTX810 Gigabit VPN Router Rev.11.01.33 and earlier

Impact

In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen.

Solution

[Update the Firmware]
Apply the firmware update according to the information provided by the developer.

Vendor Information

  • Yamaha Corporation
  • NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
  • NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION

CWE

  1. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

  1. CVE-2018-0665
  2. CVE-2018-0666

References

  1. JVN : JVN#69967692

Revision History

  • [2018/08/29]
      Web page was published
  • [2018/08/31]
      Vendor Information : Contents were added