Published:2018/08/29  Last Updated:2018/08/31

JVN#69967692
Multiple script injection vulnerabilities in multiple Yamaha network devices

Overview

Multiple network devices provided by Yamaha Corporation contain multiple script injection vulnerabilities.

Products Affected

  • Yamaha Broadband VoIP Router RT57i Rev.8.00.95 and earlier
  • Yamaha Broadband VoIP Router RT58i Rev.9.01.51 and earlier
  • Yamaha Broadband VoIP Router NVR500 Rev.11.00.36 and earlier
  • Yamaha Gigabit VPN Router RTX810 Rev.11.01.31 and earlier
  • Yamaha Firewall FWX120 Rev.11.03.25 and earlier

Description

The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).

Impact

In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen.

Solution

Update the Firmware
Apply the firmware update according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Vulnerable 2018/08/30 NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION website
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Vulnerable 2018/08/30 NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website
Yamaha Corporation Vulnerable 2018/08/29 Yamaha Corporation website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score: 4.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:A/AC:L/Au:S/C:N/I:P/A:N
Base Score: 2.7
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

The following researchers reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2018-0665
Hayato Doi of Kanazawa Institute of Technology

CVE-2018-0666
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2018-0665
CVE-2018-0666
JVN iPedia JVNDB-2018-000093

Update History

2018/08/30
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION update status
2018/08/30
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION update status
2018/08/31
Fixed an error under [Solution]
2018/08/31
Fixed an error under [Products Affected]