Published: 2016/06/27  Last Updated: 2016/06/27

JVN#45034304
Multiple Hikari Denwa routers vulnerable to cross-site request forgery

Overview

Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability.

Products Affected

NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION

  • PR-400MI firmware Ver. 07.00.1006 and earlier
  • RV-440MI firmware Ver. 07.00.1006 and earlier
  • RT-400MI firmware Ver. 07.00.1006 and earlier

NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION

  • PR-400MI firmware Ver. 07.00.1005 and earlier
  • RV-440MI firmware Ver. 07.00.1005 and earlier
  • RT-400MI firmware Ver. 07.00.1005 and earlier

Description

Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability (CWE-352).

Impact

If a user views a malicious page while logged in, unintended operations may be performed.

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Vulnerable | 2016/06/27 | NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Vulnerable | 2016/06/27 | NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Base Score: 7.1

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): Low (L)
  • Availability Impact (A): None (N)

CVSS v2: AV:N/AC:H/Au:N/C:P/I:P/A:N
Base Score: 4.0

  • Access Vector (AV): Network (N)
  • Access Complexity (AC): High (H)
  • Authentication (Au): None (N)
  • Confidentiality Impact (C): Partial (P)
  • Integrity Impact (I): Partial (P)
  • Availability Impact (A): None (N)

Credit

Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2016-1228
JVN iPedia: JVNDB-2016-000106