JVN#48135658
Multiple routers contain issue in preventing clickjacking attacks
Overview
Multiple router products contain an issue in the protection against clickjacking attacks.
Products Affected
Multiple products are affected.
For more information on vulnerable products, please refer to the "Vendor Status" section.
Description
Multiple router products contain an issue in the protection against clickjacking attacks.
Impact
If a user views a malicious page while logged in, unintended operations may be conducted.
Solution
Apply a solution
Solutions vary depending on the product.
Apply the appropriate solution according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Century Systems Co., Ltd. | Vulnerability Information Provided | 2015/10/30 | |
| Corega Inc | Not Vulnerable | 2015/10/30 | |
| NEC Corporation | Vulnerable | 2016/08/19 | |
| PLANEX COMMUNICATIONS INC. | Vulnerable | 2015/11/02 | PLANEX COMMUNICATIONS INC. website |
| Yamaha Corporation | Vulnerable | 2015/10/30 | Yamaha Corporation website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2015-000172 |
Update History
- 2015/11/02
- PLANEX COMMUNICATIONS INC. update status
- 2016/08/19
- NEC Corporation update status