[Japanese]
|
JVNDB-2020-000021
|
Multiple Yamaha network devices vulnerable to denial-of-service (DoS)
|
Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability.
NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.9 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVSS V2 Severity: Base Metrics 7.1 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
|
|
Yamaha Corporation
- FWX120 firmware Rev.11.03.27 and earlier
- NVR500 firmware Rev.11.00.38 and earlier
- NVR510 firmware Rev.15.01.14 and earlier
- NVR700W firmware Rev.15.00.15 and earlier
- RTX1200 firmware Rev.10.01.76 and earlier
- RTX1210 firmware Rev.14.01.33 and earlier
- RTX3500 firmware Rev.14.00.26 and earlier
- RTX5000 firmware Rev.14.00.26 and earlier
- RTX810 firmware Rev.11.01.33 and earlier
- RTX830 firmware Rev.15.02.09 and earlier
|
|
A remote attacker may be able to cause a denial-of-service (DoS) condition.
|
[Update the firmware]
Update to the latest version of firmware according to the information provided by the developer.
[Apply a workaround]
If the latest version of firmware cannot be obtained or firmware update cannot be applied, one of the following workaround may mitigate the impact of this vulnerability as the workaround can stop the output of filter's log.
*Stop the output of filter's log by using the ip filter command to set pass-nolog, reject-nolog and restrict-nolog.
*Set syslog notice and stop output of NOTICE level's log.
|
Yamaha Corporation
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2020-5548
|
- JVN : JVN#38732359
- National Vulnerability Database (NVD) : CVE-2020-5548
|
- [2020/03/31]
Web page was published
- [2020/04/01]
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION update status
- [2020/04/01]
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION update status
|