Search
Find a vulnerability
Search criteria
26 vulnerabilities by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
CVE-2024-47044 (GCVE-0-2024-47044)
Vulnerability from nvd – Published: 2024-09-26 08:34 – Updated: 2024-10-17 01:33
VLAI
Summary
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-451 - User interface (UI) misrepresentation of critical information
Assigner
References
7 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router RT-400MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router PR-400MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router RV-440MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI |
Affected:
Ver.08.00.0004 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Home GateWay/Hikari Denwa router PR-600MI/RX-600MI |
Affected:
Ver.01.00.0008 and earlier
|
|
| ntt-east | rv-440mi_firmware |
Affected:
0 , ≤ 09.00.0015
(custom)
cpe:2.3:o:ntt-east:pr-400mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rt-400mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rv-440mi_firmware:-:*:*:*:*:*:*:* |
|
| ntt-east | rt-500mi_firmware |
Affected:
0 , ≤ 08.00.0004
(custom)
cpe:2.3:o:ntt-east:pr-500mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rs-500mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rt-500mi_firmware:-:*:*:*:*:*:*:* |
|
| ntt-east | rx-600mi_firmware |
Affected:
0 , ≤ 01.00.0008
(custom)
cpe:2.3:o:ntt-east:pr-600mi_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rx-600mi_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rv-440mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rv-440mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "09.00.0015",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rs-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-500mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-500mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "08.00.0004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-600mi_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rx-600mi_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rx-600mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "01.00.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:32:49.475278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:42:16.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hikari Denwa router RT-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router PR-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router RV-440MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.08.00.0004 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-600MI/RX-600MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.01.00.0008 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product\u0027s Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User interface (UI) misrepresentation of critical information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T01:33:49.083Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web116.jp/ced/support/news/contents/2024/20240930.html"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rt_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/pr_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rv_440mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/500mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/600mi/"
},
{
"url": "https://jvn.jp/en/jp/JVN78356367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47044",
"datePublished": "2024-09-26T08:34:30.347Z",
"dateReserved": "2024-09-17T04:53:47.412Z",
"dateUpdated": "2024-10-17T01:33:49.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0666 (GCVE-0-2018-0666)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0666",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0665 (GCVE-0-2018-0665)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0665",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0563 (GCVE-0-2018-0563)
Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://flets.com/customer/next/sec/setup/esat_in… | x_refsource_MISC |
| https://flets.com/customer/tec/fvc/setup/esat_ins… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN20040004/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/customer/next/sec/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"name": "https://flets.com/customer/tec/fvc/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0563",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0515 (GCVE-0-2018-0515)
Vulnerability from nvd – Published: 2018-02-16 17:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://flets.com/azukeru/login/news/info_180213.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN04564808/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | "FLET'S Azukeru Backup Tool" |
Affected:
version 1.5.2.6 and earlier
|
Date Public
2018-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"FLET\u0027S Azukeru Backup Tool\"",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "version 1.5.2.6 and earlier"
}
]
}
],
"datePublic": "2018-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"FLET\u0027S Azukeru Backup Tool\"",
"version": {
"version_data": [
{
"version_value": "version 1.5.2.6 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/azukeru/login/news/info_180213.html",
"refsource": "MISC",
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0515",
"datePublished": "2018-02-16T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0507 (GCVE-0-2018-0507)
Vulnerability from nvd – Published: 2018-01-26 16:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26255241/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | FLET'S VIRUS CLEAR Easy Setup & Application Tool |
Affected:
ver.11 and earlier versions
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool |
Affected:
ver.11 and earlier versions
|
Date Public
2018-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
},
{
"product": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
}
],
"datePublic": "2018-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
},
{
"product_name": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26255241",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0507",
"datePublished": "2018-01-26T16:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10874 (GCVE-0-2017-10874)
Vulnerability from nvd – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.
Severity
No CVSS data available.
CWE
- Use of Insufficiently Random Values
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://web116.jp/shop/hikari_p/q200/q200_00.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN73141967/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | PWR-Q200 |
Affected:
all firmware versions
|
Date Public
2017-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PWR-Q200",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2017-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PWR-Q200",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10874",
"datePublished": "2017-12-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10829 (GCVE-0-2017-10829)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26115441/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/remote_support_vulnerability/ | x_refsource_CONFIRM |
| https://flets.com/osa/remote/pc_tool.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
Date Public
2017-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
},
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
}
],
"datePublic": "2017-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10829",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47044 (GCVE-0-2024-47044)
Vulnerability from cvelistv5 – Published: 2024-09-26 08:34 – Updated: 2024-10-17 01:33
VLAI
Summary
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-451 - User interface (UI) misrepresentation of critical information
Assigner
References
7 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router RT-400MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router PR-400MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Hikari Denwa router RV-440MI |
Affected:
Ver.09.00.0015 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI |
Affected:
Ver.08.00.0004 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Home GateWay/Hikari Denwa router PR-600MI/RX-600MI |
Affected:
Ver.01.00.0008 and earlier
|
|
| ntt-east | rv-440mi_firmware |
Affected:
0 , ≤ 09.00.0015
(custom)
cpe:2.3:o:ntt-east:pr-400mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rt-400mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rv-440mi_firmware:-:*:*:*:*:*:*:* |
|
| ntt-east | rt-500mi_firmware |
Affected:
0 , ≤ 08.00.0004
(custom)
cpe:2.3:o:ntt-east:pr-500mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rs-500mi_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rt-500mi_firmware:-:*:*:*:*:*:*:* |
|
| ntt-east | rx-600mi_firmware |
Affected:
0 , ≤ 01.00.0008
(custom)
cpe:2.3:o:ntt-east:pr-600mi_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ntt-east:rx-600mi_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-400mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rv-440mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rv-440mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "09.00.0015",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rs-500mi_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rt-500mi_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-500mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "08.00.0004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ntt-east:pr-600mi_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:ntt-east:rx-600mi_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rx-600mi_firmware",
"vendor": "ntt-east",
"versions": [
{
"lessThanOrEqual": "01.00.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:32:49.475278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:42:16.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hikari Denwa router RT-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router PR-400MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Hikari Denwa router RV-440MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.09.00.0015 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-500MI/RS-500MI/RT-500MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.08.00.0004 and earlier"
}
]
},
{
"product": "Home GateWay/Hikari Denwa router PR-600MI/RX-600MI",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver.01.00.0008 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product\u0027s Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User interface (UI) misrepresentation of critical information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T01:33:49.083Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web116.jp/ced/support/news/contents/2024/20240930.html"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rt_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/pr_400mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/rv_440mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/500mi/"
},
{
"url": "https://web116.jp/ced/support/version/broadband/600mi/"
},
{
"url": "https://jvn.jp/en/jp/JVN78356367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47044",
"datePublished": "2024-09-26T08:34:30.347Z",
"dateReserved": "2024-09-17T04:53:47.412Z",
"dateUpdated": "2024-10-17T01:33:49.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0666 (GCVE-0-2018-0666)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0666",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0665 (GCVE-0-2018-0665)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0665",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0563 (GCVE-0-2018-0563)
Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://flets.com/customer/next/sec/setup/esat_in… | x_refsource_MISC |
| https://flets.com/customer/tec/fvc/setup/esat_ins… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN20040004/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.13.0 and earlier versions and FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/customer/next/sec/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"name": "https://flets.com/customer/tec/fvc/setup/esat_install.html",
"refsource": "MISC",
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name": "JVN#20040004",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0563",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0515 (GCVE-0-2018-0515)
Vulnerability from cvelistv5 – Published: 2018-02-16 17:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://flets.com/azukeru/login/news/info_180213.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN04564808/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | "FLET'S Azukeru Backup Tool" |
Affected:
version 1.5.2.6 and earlier
|
Date Public
2018-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"FLET\u0027S Azukeru Backup Tool\"",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "version 1.5.2.6 and earlier"
}
]
}
],
"datePublic": "2018-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"FLET\u0027S Azukeru Backup Tool\"",
"version": {
"version_data": [
{
"version_value": "version 1.5.2.6 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"FLET\u0027S Azukeru Backup Tool\" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets.com/azukeru/login/news/info_180213.html",
"refsource": "MISC",
"url": "https://flets.com/azukeru/login/news/info_180213.html"
},
{
"name": "JVN#04564808",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN04564808/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0515",
"datePublished": "2018-02-16T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0507 (GCVE-0-2018-0507)
Vulnerability from cvelistv5 – Published: 2018-01-26 16:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26255241/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | FLET'S VIRUS CLEAR Easy Setup & Application Tool |
Affected:
ver.11 and earlier versions
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool |
Affected:
ver.11 and earlier versions
|
Date Public
2018-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
},
{
"product": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "ver.11 and earlier versions"
}
]
}
],
"datePublic": "2018-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26255241",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
},
{
"product_name": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"version": {
"version_data": [
{
"version_value": "ver.11 and earlier versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool ver.11 and earlier versions, FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26255241",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26255241/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0507",
"datePublished": "2018-01-26T16:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10874 (GCVE-0-2017-10874)
Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.
Severity
No CVSS data available.
CWE
- Use of Insufficiently Random Values
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://web116.jp/shop/hikari_p/q200/q200_00.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN73141967/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | PWR-Q200 |
Affected:
all firmware versions
|
Date Public
2017-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PWR-Q200",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2017-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PWR-Q200",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10874",
"datePublished": "2017-12-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10829 (GCVE-0-2017-10829)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26115441/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/remote_support_vulnerability/ | x_refsource_CONFIRM |
| https://flets.com/osa/remote/pc_tool.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
Date Public
2017-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
},
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
}
],
"datePublic": "2017-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10829",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000102
Vulnerability from jvndb - Published: 2024-09-24 16:00 - Updated:2024-10-18 11:02
Severity
Summary
Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
Details
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions (CWE-451).
Keishi Awata of logicalmixed reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000102.html",
"dc:date": "2024-10-18T11:02+09:00",
"dcterms:issued": "2024-09-24T16:00+09:00",
"dcterms:modified": "2024-10-18T11:02+09:00",
"description": "Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions (CWE-451).\r\n\r\nKeishi Awata of logicalmixed reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000102.html",
"sec:cpe": [
{
"#text": "cpe:/h:ntt_east:pr-500mi",
"@product": "PR-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rs-500mi",
"@product": "RS-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-500mi",
"@product": "RT-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:pr-400mi_firmware",
"@product": "PR-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:pr-600mi",
"@product": "PR-600MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rt-400mi_firmware",
"@product": "RT-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rv-440mi_firmware",
"@product": "RV-440MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rx-600mi",
"@product": "RX-600MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000102",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN78356367/index.html",
"@id": "JVN#78356367",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47044",
"@id": "CVE-2024-47044",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions"
}
JVNDB-2022-001477
Vulnerability from jvndb - Published: 2022-03-23 12:08 - Updated:2022-03-23 12:08
Severity
Summary
Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
Details
Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986).
Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT East and NTT West and coordinated. NTT East, NTT West and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001477.html",
"dc:date": "2022-03-23T12:08+09:00",
"dcterms:issued": "2022-03-23T12:08+09:00",
"dcterms:modified": "2022-03-23T12:08+09:00",
"description": "Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986).\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to NTT East and NTT West and coordinated. NTT East, NTT West and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001477.html",
"sec:cpe": [
{
"#text": "cpe:/o:ntt_east:og410xa_firmware",
"@product": "Netcommunity OG410Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og410xi_firmware",
"@product": "Netcommunity OG410Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og810xa_firmware",
"@product": "Netcommunity OG810Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og810xi_firmware",
"@product": "Netcommunity OG810Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g410xa_firmware",
"@product": "Netcommunity OG410Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g410xi_firmware",
"@product": "Netcommunity OG410Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g810xa_firmware",
"@product": "Netcommunity OG810Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g810xi_firmware",
"@product": "Netcommunity OG810Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001477",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU94900322/index.html",
"@id": "JVNVU#94900322",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-22986",
"@id": "CVE-2022-22986",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-22986",
"@id": "CVE-2022-22986",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection"
}
JVNDB-2019-000043
Vulnerability from jvndb - Published: 2019-06-27 15:36 - Updated:2019-10-08 17:22
Severity
Summary
Multiple vulnerabilities in Hikari Denwa router/Home GateWay
Details
Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2019-5985
* Cross-site Request Forgery (CWE-352) - CVE-2019-5986
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000043.html",
"dc:date": "2019-10-08T17:22+09:00",
"dcterms:issued": "2019-06-27T15:36+09:00",
"dcterms:modified": "2019-10-08T17:22+09:00",
"description": "Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n* Cross-site Scripting (CWE-79) - CVE-2019-5985\r\n* Cross-site Request Forgery (CWE-352) - CVE-2019-5986\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000043.html",
"sec:cpe": [
{
"#text": "cpe:/h:ntt_east:pr-400ki",
"@product": "PR-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-400mi",
"@product": "PR-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-400ne",
"@product": "PR-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-500ki",
"@product": "PR-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-500mi",
"@product": "PR-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300hi",
"@product": "PR-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300ne",
"@product": "PR-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300se",
"@product": "PR-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rs-500ki",
"@product": "RS-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rs-500mi",
"@product": "RS-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400ki",
"@product": "RT-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400mi",
"@product": "RT-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400ne",
"@product": "RT-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-500ki",
"@product": "RT-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-500mi",
"@product": "RT-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300hi",
"@product": "RT-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300ne",
"@product": "RT-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300se",
"@product": "RT-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440ki",
"@product": "RV-440KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440mi",
"@product": "RV-440MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440ne",
"@product": "RV-440NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340hi",
"@product": "RV-S340HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340ne",
"@product": "RV-S340NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340se",
"@product": "RV-S340SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400ki",
"@product": "PR-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400mi",
"@product": "PR-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400ne",
"@product": "PR-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-500ki",
"@product": "PR-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-500mi",
"@product": "PR-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300hi",
"@product": "PR-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300ne",
"@product": "PR-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300se",
"@product": "PR-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400ki",
"@product": "RT-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400mi",
"@product": "RT-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400ne",
"@product": "RT-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-500ki",
"@product": "RT-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-500mi",
"@product": "RT-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300hi",
"@product": "RT-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300ne",
"@product": "RT-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300se",
"@product": "RT-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440ki",
"@product": "RV-440KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440mi",
"@product": "RV-440MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440ne",
"@product": "RV-440NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340hi",
"@product": "RV-S340HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340ne",
"@product": "RV-S340NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340se",
"@product": "RV-S340SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43172719/index.html",
"@id": "JVN#43172719",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5985",
"@id": "CVE-2019-5985",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5986",
"@id": "CVE-2019-5986",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5985",
"@id": "CVE-2019-5985",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5986",
"@id": "CVE-2019-5986",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Hikari Denwa router/Home GateWay"
}
JVNDB-2018-000057
Vulnerability from jvndb - Published: 2018-05-29 13:47 - Updated:2019-12-27 18:09
Severity
Summary
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file
Details
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file (CWE-427).
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000057.html",
"dc:date": "2019-12-27T18:09+09:00",
"dcterms:issued": "2018-05-29T13:47+09:00",
"dcterms:modified": "2019-12-27T18:09+09:00",
"description": "The installer of \"FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool\" and \"FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file (CWE-427).\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000057.html",
"sec:cpe": [
{
"#text": "cpe:/a:ntt_east:flet%27s_virus_clear_easy_setup_%26_application_tool",
"@product": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/a:ntt_east:flet%27s_virus_clear_v6_easy_setup_%26_application_tool",
"@product": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000057",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20040004/index.html",
"@id": "JVN#20040004",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0563",
"@id": "CVE-2018-0563",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0563",
"@id": "CVE-2018-0563",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of \"FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool\" and \"FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool\" may insecurely invoke an executable file"
}
JVNDB-2018-000012
Vulnerability from jvndb - Published: 2018-02-13 15:37 - Updated:2018-04-11 12:25
Severity
Summary
Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries
Details
"FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000012.html",
"dc:date": "2018-04-11T12:25+09:00",
"dcterms:issued": "2018-02-13T15:37+09:00",
"dcterms:modified": "2018-04-11T12:25+09:00",
"description": "\"FLET\u0027S Azukeru Backup Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user\u0027s computer to \"FLET\u0027S Azukeru\" service. Installer of \"FLET\u0027S Azukeru Backup Tool\" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000012.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_east:flet%27s_azukeru_backup_tool",
"@product": "FLET\u0027S Azukeru Backup Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000012",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN04564808/index.html",
"@id": "JVN#04564808",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0515",
"@id": "CVE-2018-0515",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0515",
"@id": "CVE-2018-0515",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"FLET\u0027S Azukeru Backup Tool\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2018-000004
Vulnerability from jvndb - Published: 2018-01-22 14:17 - Updated:2018-04-11 11:44
Severity
Summary
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries
Details
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000004.html",
"dc:date": "2018-04-11T11:44+09:00",
"dcterms:issued": "2018-01-22T14:17+09:00",
"dcterms:modified": "2018-04-11T11:44+09:00",
"description": "The installer of \"FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool\" and \"FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000004.html",
"sec:cpe": [
{
"#text": "cpe:/a:ntt_east:flet%27s_virus_clear_easy_setup_%26_application_tool",
"@product": "FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/a:ntt_east:flet%27s_virus_clear_v6_easy_setup_%26_application_tool",
"@product": "FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000004",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26255241/index.html",
"@id": "JVN#26255241",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0507",
"@id": "CVE-2018-0507",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0507",
"@id": "CVE-2018-0507",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of \"FLET\u0027S VIRUS CLEAR Easy Setup \u0026 Application Tool\" and \"FLET\u0027S VIRUS CLEAR v6 Easy Setup \u0026 Application Tool\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000240
Vulnerability from jvndb - Published: 2017-11-22 13:51 - Updated:2018-03-14 14:19
Severity
Summary
PWR-Q200 vulnerable to DNS cache poisoning attacks
Details
PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port (CWE-330).
Toshifumi Sakaguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000240.html",
"dc:date": "2018-03-14T14:19+09:00",
"dcterms:issued": "2017-11-22T13:51+09:00",
"dcterms:modified": "2018-03-14T14:19+09:00",
"description": "PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port (CWE-330).\r\n\r\nToshifumi Sakaguchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000240.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_east:pwr-q200",
"@product": "PWR-Q200",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000240",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73141967/index.html",
"@id": "JVN#73141967",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10874",
"@id": "CVE-2017-10874",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10874",
"@id": "CVE-2017-10874",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "PWR-Q200 vulnerable to DNS cache poisoning attacks"
}
JVNDB-2017-000211
Vulnerability from jvndb - Published: 2017-08-30 15:10 - Updated:2017-08-30 15:10
Severity
Summary
Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
Details
Installer of "Remote Support Tool (Enkaku Support Tool)" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000211.html",
"dc:date": "2017-08-30T15:10+09:00",
"dcterms:issued": "2017-08-30T15:10+09:00",
"dcterms:modified": "2017-08-30T15:10+09:00",
"description": "Installer of \"Remote Support Tool (Enkaku Support Tool)\" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000211.html",
"sec:cpe": [
{
"#text": "cpe:/a:ntt_east:enkaku_support_tool",
"@product": "Remote Support Tool (Enkaku Support Tool)",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/a:ntt_west:enkaku_support_tool",
"@product": "Remote Support Tool (Enkaku Support Tool)",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000211",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN26115441/index.html",
"@id": "JVN#26115441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10829",
"@id": "CVE-2017-10829",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10829",
"@id": "CVE-2017-10829",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"Remote Support Tool (Enkaku Support Tool)\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2016-000106
Vulnerability from jvndb - Published: 2016-06-27 14:19 - Updated:2016-08-03 16:07
Severity
Summary
Multiple Hikari Denwa routers vulnerable to cross-site request forgery
Details
Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability (CWE-352).
Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000106.html",
"dc:date": "2016-08-03T16:07+09:00",
"dcterms:issued": "2016-06-27T14:19+09:00",
"dcterms:modified": "2016-08-03T16:07+09:00",
"description": "Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nRyoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000106.html",
"sec:cpe": [
{
"#text": "cpe:/o:ntt_east:pr-400mi_firmware",
"@product": "PR-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rt-400mi_firmware",
"@product": "RT-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rv-440mi_firmware",
"@product": "RV-440MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:pr-400mi_firmware",
"@product": "PR-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:rt-400mi_firmware",
"@product": "RT-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:rv-440mi_firmware",
"@product": "RV-440MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000106",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45034304/index.html",
"@id": "JVN#45034304",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1228",
"@id": "CVE-2016-1228",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1228",
"@id": "CVE-2016-1228",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Hikari Denwa routers vulnerable to cross-site request forgery"
}
JVNDB-2016-000105
Vulnerability from jvndb - Published: 2016-06-27 14:10 - Updated:2016-08-03 16:07
Severity
Summary
Multiple Hikari Denwa routers vulnerable to OS command injection
Details
Multiple Hikari Denwa routers contain an OS command injection vulnerability (CWE-78).
Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000105.html",
"dc:date": "2016-08-03T16:07+09:00",
"dcterms:issued": "2016-06-27T14:10+09:00",
"dcterms:modified": "2016-08-03T16:07+09:00",
"description": "Multiple Hikari Denwa routers contain an OS command injection vulnerability (CWE-78).\r\n\r\nRyoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000105.html",
"sec:cpe": [
{
"#text": "cpe:/o:ntt_east:pr-400mi_firmware",
"@product": "PR-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rt-400mi_firmware",
"@product": "RT-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:rv-440mi_firmware",
"@product": "RV-440MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:pr-400mi_firmware",
"@product": "PR-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:rt-400mi_firmware",
"@product": "RT-400MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:rv-440mi_firmware",
"@product": "RV-440MI firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000105",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN77403442/index.html",
"@id": "JVN#77403442",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1227",
"@id": "CVE-2016-1227",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1227",
"@id": "CVE-2016-1227",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple Hikari Denwa routers vulnerable to OS command injection"
}