Published:2021/11/09  Last Updated:2021/11/09

JVNVU#91161784
Multiple vulnerabilities in multiple Yamaha routers

Overview

Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities.

Products Affected

  • RTX830 Rev.15.02.17 and earlier
  • NVR510 Rev.15.01.18 and earlier
  • NVR700W Rev.15.00.19 and earlier
  • RTX1210 Rev.14.01.38 and earlier

Description

Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities listed below.

  • Cross-site script inclusion (CWE-829) - CVE-2021-20843
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N Base Score: 4.8
  • Improper neutralization of HTTP request headers for scripting syntax (CWE-644) - CVE-2021-20844
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N Base Score: 3.7

Impact

  • If a user views a malicious page created by an attacker while logging in to the Web GUI of the affected product, the product's settings may be changed unintentionally - CVE-2021-20843, CVE-2021-20844
  • If a user views a malicious page created by an attacker while logging in to the Web GUI of the affected product, sensitive information may be obtained - CVE-2021-20844

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for these vulnerabilities.

  • RTX830 Rev.15.02.20
  • NVR510 Rev.15.01.21
  • NVR700W Rev.15.00.22
  • RTX1210 Rev.14.01.40
Apply a workaround
If the latest version of firmware cannot be obtained or firmware update cannot be applied, applying either of the following workarounds may mitigate the impacts of these vulnerabilities
  • Set httpd service off and disable HTTP server function.
  • Set httpd host none and prohibit access to the GUI from all hosts.

Vendor Status

Vendor Status Last Update Vendor Notes
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Vulnerable 2021/11/09 NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Vulnerable 2021/11/09 NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website
Yamaha Corporation Vulnerable 2021/11/09 Yamaha Corporation website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Shoji Baba of IERAE SECURITY INC. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2021-20843
CVE-2021-20844
JVN iPedia