JVN#65839588
Web Caster V130 vulnerable to cross-site request forgery
Overview
Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. contains a cross-site request forgery vulnerability.
Products Affected
- Web Caster V130 firmware Version 1.08 and earlier
Description
Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability.
- Cross-site request forgery (CWE-352)
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 2.0
- CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L Base Score 3.7
- CVE-2025-58272
Impact
If a user who is logged in to the product views a malicious page created by an attacker, unintentionally change the settings of the product may be performed.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| NTT EAST, Inc. | Vulnerable | 2025/09/03 | NTT EAST, Inc. website |
| NTT WEST, Inc. | Vulnerable | 2025/09/03 | NTT WEST, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-58272 |
| JVN iPedia |
JVNDB-2025-000069 |