Published:2020/03/31  Last Updated:2020/04/01

JVN#38732359
Multiple Yamaha network devices vulnerable to denial-of-service (DoS)

Overview

Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability.

Products Affected

  • Yamaha LTE VoIP Router
    • NVR700W firmware Rev.15.00.15 and earlier
  • Yamaha Gigabit VoIP Router
    • NVR510 firmware Rev.15.01.14 and earlier
  • Yamaha Gigabit VPN Router
    • RTX810 firmware Rev.11.01.33 and earlier
    • RTX830 firmware Rev.15.02.09 and earlier
    • RTX1200 firmware Rev.10.01.76 and earlier
    • RTX1210 firmware Rev.14.01.33 and earlier
    • RTX3500 firmware Rev.14.00.26 and earlier
    • RTX5000 firmware Rev.14.00.26 and earlier
  • Yamaha Broadband VoIP Router
    • NVR500 firmware Rev.11.00.38 and earlier
  • Yamaha Firewall
    • FWX120 firmware Rev.11.03.27 and earlier

Description

Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability (CWE-400) due to an issue in processing received packets.

Impact

A remote attacker may be able to cause a denial-of-service (DoS) condition.

Solution

Update the firmware
Update to the latest version of firmware according to the information provided by the developer.

Apply a workaround
If the latest version of firmware cannot be obtained or firmware update cannot be applied, one of the following workaround may mitigate the impact of this vulnerability as the workaround can stop the output of filter's log.

  • Stop the output of filter's log by using the ip filter command to set pass-nolog, reject-nolog and restrict-nolog.
  • Set syslog notice and stop output of NOTICE level's log.

Vendor Status

Vendor Status Last Update Vendor Notes
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Vulnerable 2020/04/01 NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Vulnerable 2020/04/01 NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website
Yamaha Corporation Vulnerable 2020/03/31 Yamaha Corporation website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score: 5.9
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:M/Au:N/C:N/I:N/A:C
Base Score: 7.1
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5548
JVN iPedia JVNDB-2020-000021

Update History

2020/04/01
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION update status
2020/04/01
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION update status