JVN#78356367
Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
Overview
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION (NTT EAST) fail to restrict access permissions.
Products Affected
- Hikari Denwa router RT-400MI Ver.09.00.0015 and earlier
- Hikari Denwa router PR-400MI Ver.09.00.0015 and earlier
- Hikari Denwa router RV-440MI Ver.09.00.0015 and earlier
- Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI Ver.08.00.0004 and earlier
- Home GateWay/Hikari Denwa router PR-600MI/RX-600MI Ver.01.00.0008 and earlier
Note that, above products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION (NTT WEST), but the vulnerability only affects products subscribed and used in NTT EAST areas.
Description
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions (CWE-451).
Impact
An attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Vulnerable | 2024/09/24 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Comment
Assuming an attack scenario where an attacker can access the product's Device Setting page via WAN-side, "Confidentiality (C)" is assessed as the primary impact, and "Integrity (I)" and "Availability (A)" are assessed as secondary.
Credit
Keishi Awata of logicalmixed reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-47044 |
| JVN iPedia |
JVNDB-2024-000102 |