[Japanese]

JVNDB-2019-000043

Multiple vulnerabilities in Hikari Denwa router/Home GateWay

Overview

Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.

* Cross-site Scripting (CWE-79) - CVE-2019-5985
* Cross-site Request Forgery (CWE-352) - CVE-2019-5986

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2019-5985


CVSS V3 Severity:
Base Metrics: 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2019-5986
Affected Products


NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
  • PR-400KI firmware version Ver.07.00.1010 and earlier
  • PR-400MI firmware version Ver. 07.00.1012 and earlier
  • PR-400NE firmware version Ver.7.42 and earlier
  • PR-500KI firmware version Ver.01.00.0090 and earlier
  • PR-500MI firmware version Ver.01.01.0011 and earlier
  • PR-S300HI firmware version Ver.19.01.0005 and earlier
  • PR-S300NE firmware version Ver. 19.41 and earlier
  • PR-S300SE firmware version Ver.19.40 and earlier
  • RT-400KI firmware version Ver.07.00.1010 and earlier
  • RT-400MI firmware version Ver. 07.00.1012 and earlier
  • RT-400NE firmware version Ver.7.42 and earlier
  • RT-500KI firmware version Ver.01.00.0090 and earlier
  • RT-500MI firmware version Ver.01.01.0011 and earlier
  • RT-S300HI firmware version Ver.19.01.0005 and earlier
  • RT-S300NE firmware version Ver. 19.41 and earlier
  • RT-S300SE firmware version Ver.19.40 and earlier
  • RV-440KI firmware version Ver.07.00.1010 and earlier
  • RV-440MI firmware version Ver. 07.00.1012 and earlier
  • RV-440NE firmware version Ver.7.42 and earlier
  • RV-S340HI firmware version Ver.19.01.0005 and earlier
  • RV-S340NE firmware version Ver. 19.41 and earlier
  • RV-S340SE firmware version Ver.19.40 and earlier
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
  • PR-400KI firmware version Ver.07.00.1010 and earlier
  • PR-400MI firmware version Ver. 07.00.1012 and earlier
  • PR-400NE firmware version Ver.7.42 and earlier
  • PR-S300HI firmware version Ver.19.01.0005 and earlier
  • PR-S300NE firmware version Ver. 19.41 and earlier
  • PR-S300SE firmware version Ver.19.40 and earlier
  • RT-400KI firmware version Ver.07.00.1010 and earlier
  • RT-400MI firmware version Ver. 07.00.1012 and earlier
  • RT-400NE firmware version Ver.7.42 and earlier
  • RT-S300HI firmware version Ver.19.01.0005 and earlier
  • RT-S300NE firmware version Ver. 19.41 and earlier
  • RT-S300SE firmware version Ver.19.40 and earlier
  • RV-440KI firmware version Ver.07.00.1010 and earlier
  • RV-440MI firmware version Ver. 07.00.1012 and earlier
  • RV-440NE firmware version Ver.7.42 and earlier
  • RV-S340HI firmware version Ver.19.01.0005 and earlier
  • RV-S340NE firmware version Ver. 19.41 and earlier
  • RV-S340SE firmware version Ver.19.40 and earlier
  • PR-500KI firmware version Ver.01.00.0090 and earlier
  • PR-500MI firmware version Ver.01.01.0014 and earlier
  • RS-500KI firmware version Ver.01.00.0070 and earlier
  • RS-500MI firmware version Ver.03.01.0019 and earlier
  • RT-500KI firmware version Ver.01.00.0090 and earlier
  • RT-500MI firmware version Ver.01.01.0014 and earlier

Impact

*An arbitrary script may be executed on the user's web browser - CVE-2019-5985
*If a user who is logging into the device accesses a specially crafted web page, unintended operations may be conducted - CVE-2019-5986
Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Information

NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
CWE (What is CWE?)

  1. Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
  2. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2019-5985
  2. CVE-2019-5986
References

  1. JVN : JVN#43172719
  2. National Vulnerability Database (NVD) : CVE-2019-5985
  3. National Vulnerability Database (NVD) : CVE-2019-5986
Revision History

  • [2019/06/27]
      Web page was published
  • [2019/07/05]
      Affected Products : Product version was modified
  • [2019/10/08]
      References : Contents were added