JVN#69967692
Multiple script injection vulnerabilities in multiple Yamaha network devices
Overview
Multiple network devices provided by Yamaha Corporation contain multiple script injection vulnerabilities.
Products Affected
- Yamaha Broadband VoIP Router RT57i Rev.8.00.95 and earlier
- Yamaha Broadband VoIP Router RT58i Rev.9.01.51 and earlier
- Yamaha Broadband VoIP Router NVR500 Rev.11.00.36 and earlier
- Yamaha Gigabit VPN Router RTX810 Rev.11.01.31 and earlier
- Yamaha Firewall FWX120 Rev.11.03.25 and earlier
Description
The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).
Impact
In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen.
Solution
Update the Firmware
Apply the firmware update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Vulnerable | 2018/08/30 | NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website |
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Vulnerable | 2018/08/30 | NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website |
| Yamaha Corporation | Vulnerable | 2018/08/29 | Yamaha Corporation website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
The following researchers reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0665
Hayato Doi of Kanazawa Institute of Technology
CVE-2018-0666
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2018-0665 |
|
CVE-2018-0666 |
|
| JVN iPedia |
JVNDB-2018-000093 |
Update History
- 2018/08/30
- NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION update status
- 2018/08/30
- NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION update status
- 2018/08/31
- Fixed an error under [Solution]
- 2018/08/31
- Fixed an error under [Products Affected]