Search
Find a vulnerability
Search criteria
35 vulnerabilities by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
JVNDB-2022-001477
Vulnerability from jvndb - Published: 2022-03-23 12:08 - Updated:2022-03-23 12:08
Severity
Summary
Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
Details
Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986).
Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT East and NTT West and coordinated. NTT East, NTT West and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001477.html",
"dc:date": "2022-03-23T12:08+09:00",
"dcterms:issued": "2022-03-23T12:08+09:00",
"dcterms:modified": "2022-03-23T12:08+09:00",
"description": "Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986).\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to NTT East and NTT West and coordinated. NTT East, NTT West and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001477.html",
"sec:cpe": [
{
"#text": "cpe:/o:ntt_east:og410xa_firmware",
"@product": "Netcommunity OG410Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og410xi_firmware",
"@product": "Netcommunity OG410Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og810xa_firmware",
"@product": "Netcommunity OG810Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_east:og810xi_firmware",
"@product": "Netcommunity OG810Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g410xa_firmware",
"@product": "Netcommunity OG410Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g410xi_firmware",
"@product": "Netcommunity OG410Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g810xa_firmware",
"@product": "Netcommunity OG810Xa firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:ntt_west:netcommunity_0g810xi_firmware",
"@product": "Netcommunity OG810Xi firmware",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001477",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU94900322/index.html",
"@id": "JVNVU#94900322",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-22986",
"@id": "CVE-2022-22986",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-22986",
"@id": "CVE-2022-22986",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection"
}
JVNDB-2019-000043
Vulnerability from jvndb - Published: 2019-06-27 15:36 - Updated:2019-10-08 17:22
Severity
Summary
Multiple vulnerabilities in Hikari Denwa router/Home GateWay
Details
Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2019-5985
* Cross-site Request Forgery (CWE-352) - CVE-2019-5986
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000043.html",
"dc:date": "2019-10-08T17:22+09:00",
"dcterms:issued": "2019-06-27T15:36+09:00",
"dcterms:modified": "2019-10-08T17:22+09:00",
"description": "Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.\r\n\r\n* Cross-site Scripting (CWE-79) - CVE-2019-5985\r\n* Cross-site Request Forgery (CWE-352) - CVE-2019-5986\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000043.html",
"sec:cpe": [
{
"#text": "cpe:/h:ntt_east:pr-400ki",
"@product": "PR-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-400mi",
"@product": "PR-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-400ne",
"@product": "PR-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-500ki",
"@product": "PR-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-500mi",
"@product": "PR-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300hi",
"@product": "PR-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300ne",
"@product": "PR-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:pr-s300se",
"@product": "PR-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rs-500ki",
"@product": "RS-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rs-500mi",
"@product": "RS-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400ki",
"@product": "RT-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400mi",
"@product": "RT-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-400ne",
"@product": "RT-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-500ki",
"@product": "RT-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-500mi",
"@product": "RT-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300hi",
"@product": "RT-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300ne",
"@product": "RT-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rt-s300se",
"@product": "RT-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440ki",
"@product": "RV-440KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440mi",
"@product": "RV-440MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-440ne",
"@product": "RV-440NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340hi",
"@product": "RV-S340HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340ne",
"@product": "RV-S340NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_east:rv-s340se",
"@product": "RV-S340SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400ki",
"@product": "PR-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400mi",
"@product": "PR-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-400ne",
"@product": "PR-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-500ki",
"@product": "PR-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-500mi",
"@product": "PR-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300hi",
"@product": "PR-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300ne",
"@product": "PR-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:pr-s300se",
"@product": "PR-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400ki",
"@product": "RT-400KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400mi",
"@product": "RT-400MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-400ne",
"@product": "RT-400NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-500ki",
"@product": "RT-500KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-500mi",
"@product": "RT-500MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300hi",
"@product": "RT-S300HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300ne",
"@product": "RT-S300NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rt-s300se",
"@product": "RT-S300SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440ki",
"@product": "RV-440KI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440mi",
"@product": "RV-440MI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-440ne",
"@product": "RV-440NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340hi",
"@product": "RV-S340HI",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340ne",
"@product": "RV-S340NE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/h:ntt_west:rv-s340se",
"@product": "RV-S340SE",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43172719/index.html",
"@id": "JVN#43172719",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5985",
"@id": "CVE-2019-5985",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5986",
"@id": "CVE-2019-5986",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5985",
"@id": "CVE-2019-5985",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5986",
"@id": "CVE-2019-5986",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Hikari Denwa router/Home GateWay"
}
JVNDB-2018-000118
Vulnerability from jvndb - Published: 2018-11-09 16:13 - Updated:2019-08-27 18:03
Severity
Summary
The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries
Details
The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000118.html",
"dc:date": "2019-08-27T18:03+09:00",
"dcterms:issued": "2018-11-09T16:13+09:00",
"dcterms:modified": "2019-08-27T18:03+09:00",
"description": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000118.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_west:fall_creators_update",
"@product": "Windows10 Fall Creators Update Modify module for Security Measures tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000118",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN15709478/index.html",
"@id": "JVN#15709478",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16177",
"@id": "CVE-2018-16177",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16177",
"@id": "CVE-2018-16177",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries"
}
JVNDB-2018-000014
Vulnerability from jvndb - Published: 2018-02-13 15:43 - Updated:2018-04-11 12:28
Severity
Summary
Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries
Details
Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000014.html",
"dc:date": "2018-04-11T12:28+09:00",
"dcterms:issued": "2018-02-13T15:43+09:00",
"dcterms:modified": "2018-04-11T12:28+09:00",
"description": "Application and self-extracting archive containing the application of \"FLET\u0027S v4 / v6 address selection tool\" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000014.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_west:flet%27s_address_sentaku_tool",
"@product": "FLET\u0027S v4/v6 address selection tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000014",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87403477/index.html",
"@id": "JVN#87403477",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0516",
"@id": "CVE-2018-0516",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0516",
"@id": "CVE-2018-0516",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Application and self-extracting archive containing the application of \"FLET\u0027S v4 / v6 address selection tool\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000213
Vulnerability from jvndb - Published: 2017-11-02 13:57 - Updated:2018-03-14 13:48
Severity
Summary
Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
Details
Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000213.html",
"dc:date": "2018-03-14T13:48+09:00",
"dcterms:issued": "2017-11-02T13:57+09:00",
"dcterms:modified": "2018-03-14T13:48+09:00",
"description": "Installer of \"Flets Easy Setup Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000213.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_west:flet%27s_kantan_setup_tool",
"@product": "Flets Easy Setup Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000213",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN97243511/index.html",
"@id": "JVN#97243511",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10825",
"@id": "CVE-2017-10825",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10825",
"@id": "CVE-2017-10825",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"Flets Easy Setup Tool\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000211
Vulnerability from jvndb - Published: 2017-08-30 15:10 - Updated:2017-08-30 15:10
Severity
Summary
Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
Details
Installer of "Remote Support Tool (Enkaku Support Tool)" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000211.html",
"dc:date": "2017-08-30T15:10+09:00",
"dcterms:issued": "2017-08-30T15:10+09:00",
"dcterms:modified": "2017-08-30T15:10+09:00",
"description": "Installer of \"Remote Support Tool (Enkaku Support Tool)\" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000211.html",
"sec:cpe": [
{
"#text": "cpe:/a:ntt_east:enkaku_support_tool",
"@product": "Remote Support Tool (Enkaku Support Tool)",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/a:ntt_west:enkaku_support_tool",
"@product": "Remote Support Tool (Enkaku Support Tool)",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000211",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN26115441/index.html",
"@id": "JVN#26115441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10829",
"@id": "CVE-2017-10829",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10829",
"@id": "CVE-2017-10829",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"Remote Support Tool (Enkaku Support Tool)\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000214
Vulnerability from jvndb - Published: 2017-08-25 15:02 - Updated:2018-02-28 14:07
Severity
Summary
Installer of "Flets Install Tool" may insecurely load Dynamic Link Libraries
Details
Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000214.html",
"dc:date": "2018-02-28T14:07+09:00",
"dcterms:issued": "2017-08-25T15:02+09:00",
"dcterms:modified": "2018-02-28T14:07+09:00",
"description": "Installer of \"Flets Install Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000214.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_west:flet%27s_install_tool",
"@product": "Flets Install Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000214",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14926025/index.html",
"@id": "JVN#14926025",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10828",
"@id": "CVE-2017-10828",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10828",
"@id": "CVE-2017-10828",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"Flets Install Tool\" may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000212
Vulnerability from jvndb - Published: 2017-08-25 15:02 - Updated:2018-02-28 14:07
Severity
Summary
Installer of "Flets Azukeru for Windows Auto Backup Tool" may insecurely load Dynamic Link Libraries
Details
Installer of "Flets Azukeru for Windows Auto Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000212.html",
"dc:date": "2018-02-28T14:07+09:00",
"dcterms:issued": "2017-08-25T15:02+09:00",
"dcterms:modified": "2018-02-28T14:07+09:00",
"description": "Installer of \"Flets Azukeru for Windows Auto Backup Tool\" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000212.html",
"sec:cpe": {
"#text": "cpe:/a:ntt_west:flet%27s_azukeru_pc_autobackup_tool",
"@product": "Flets Azukeru Auto Backup Tool",
"@vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000212",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14658714/index.html",
"@id": "JVN#14658714",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10827",
"@id": "CVE-2017-10827",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10827",
"@id": "CVE-2017-10827",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of \"Flets Azukeru for Windows Auto Backup Tool\" may insecurely load Dynamic Link Libraries"
}
CVE-2018-16177 (GCVE-0-2018-16177)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://f-security.jp/v6/support/information/1001… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN15709478/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | The installer of Windows10 Fall Creators Update Modify module for Security Measures tool |
Affected:
Windows10 Fall Creators Update Modify module for Security Measures tool
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Windows10 Fall Creators Update Modify module for Security Measures tool"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T09:52:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool",
"version": {
"version_data": [
{
"version_value": "Windows10 Fall Creators Update Modify module for Security Measures tool"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://f-security.jp/v6/support/information/100193.html",
"refsource": "MISC",
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16177",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0666 (GCVE-0-2018-0666)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0666",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0665 (GCVE-0-2018-0665)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0665",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0516 (GCVE-0-2018-0516)
Vulnerability from nvd – Published: 2018-02-16 17:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN87403477/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/2018/20180207a.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | FLET'S v4 / v6 address selection tool |
Affected:
all versions
|
Date Public
2018-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#87403477",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLET\u0027S v4 / v6 address selection tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in FLET\u0027S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#87403477",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLET\u0027S v4 / v6 address selection tool",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FLET\u0027S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#87403477",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"name": "http://flets-w.com/topics/2018/20180207a.html",
"refsource": "MISC",
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0516",
"datePublished": "2018-02-16T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10825 (GCVE-0-2017-10825)
Vulnerability from nvd – Published: 2017-11-02 15:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://flets-w.com/topics/setup_tool_vulnerability/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN97243511/278948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Installer of Flets Easy Setup Tool |
Affected:
Ver1.2.0 and earlier
|
Date Public
2017-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Flets Easy Setup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Flets Easy Setup Tool",
"version": {
"version_data": [
{
"version_value": "Ver1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://flets-w.com/topics/setup_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"name": "https://jvn.jp/en/jp/JVN97243511/278948/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10825",
"datePublished": "2017-11-02T15:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10829 (GCVE-0-2017-10829)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26115441/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/remote_support_vulnerability/ | x_refsource_CONFIRM |
| https://flets.com/osa/remote/pc_tool.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
Date Public
2017-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
},
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
}
],
"datePublic": "2017-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10829",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2242 (GCVE-0-2017-2242)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN22272314/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/setsuzoku_tool_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Setsuzoku Tool for Windows |
Affected:
All versions
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#22272314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Setsuzoku Tool for Windows",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#22272314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Setsuzoku Tool for Windows",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#22272314",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"name": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2242",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10830 (GCVE-0-2017-10830)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN36303528/index.html | third-party-advisoryx_refsource_JVN |
| http://f-security.jp/v6/support/information/100161.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Security Setup Tool |
Affected:
All versions
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#36303528",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://f-security.jp/v6/support/information/100161.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Setup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#36303528",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://f-security.jp/v6/support/information/100161.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Setup Tool",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#36303528",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"name": "http://f-security.jp/v6/support/information/100161.html",
"refsource": "MISC",
"url": "http://f-security.jp/v6/support/information/100161.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10830",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10828 (GCVE-0-2017-10828)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14926025/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/inst_tool_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Install Tool |
Affected:
All versions distributed through the website till 2017 August 8
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14926025",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Install Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 8"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14926025",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Install Tool",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 8"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14926025",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"name": "http://flets-w.com/topics/inst_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10828",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10827 (GCVE-0-2017-10827)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14658714/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/azukeru_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Azukeru for Windows Auto Backup Tool |
Affected:
v1.0.3.0 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14658714",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Azukeru for Windows Auto Backup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "v1.0.3.0 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14658714",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Azukeru for Windows Auto Backup Tool",
"version": {
"version_data": [
{
"version_value": "v1.0.3.0 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14658714",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"name": "http://flets-w.com/topics/azukeru_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10827",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10826 (GCVE-0-2017-10826)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN11601216/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/mihariban_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Security Kinou Mihariban |
Affected:
v1.0.21 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#11601216",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Kinou Mihariban",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "v1.0.21 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#11601216",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Kinou Mihariban",
"version": {
"version_data": [
{
"version_value": "v1.0.21 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#11601216",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"name": "http://flets-w.com/topics/mihariban_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10826",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16177 (GCVE-0-2018-16177)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://f-security.jp/v6/support/information/1001… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN15709478/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | The installer of Windows10 Fall Creators Update Modify module for Security Measures tool |
Affected:
Windows10 Fall Creators Update Modify module for Security Measures tool
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Windows10 Fall Creators Update Modify module for Security Measures tool"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T09:52:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool",
"version": {
"version_data": [
{
"version_value": "Windows10 Fall Creators Update Modify module for Security Measures tool"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://f-security.jp/v6/support/information/100193.html",
"refsource": "MISC",
"url": "https://f-security.jp/v6/support/information/100193.html"
},
{
"name": "JVN#15709478",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15709478/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16177",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0665 (GCVE-0-2018-0665)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0665",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0666 (GCVE-0-2018-0666)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
Severity
No CVSS data available.
CWE
- Script Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://flets-w.com/solution/kiki_info/info/180829.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN69967692/index.html | third-party-advisoryx_refsource_JVN |
| https://web116.jp/ced/support/news/contents/2018/… | x_refsource_MISC |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT57i |
Affected:
Rev.8.00.95 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router RT58i |
Affected:
Rev.9.01.51 and earlier
|
|
| Yamaha Corporation | Yamaha Broadband VoIP Router NVR500 |
Affected:
Rev.11.00.36 and earlier
|
|
| Yamaha Corporation | Yamaha Gigabit VPN Router RTX810 |
Affected:
Rev.11.01.31 and earlier
|
|
| Yamaha Corporation | Yamaha Firewall FWX120 |
Affected:
Rev.11.03.25 and earlier
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Biz Box Router N58i, N500, NVR500, and RTX810 |
Affected:
n/a
|
|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Biz Box Router N58i, and N500 |
Affected:
n/a
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Yamaha Broadband VoIP Router RT57i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.8.00.95 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router RT58i",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.9.01.51 and earlier"
}
]
},
{
"product": "Yamaha Broadband VoIP Router NVR500",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.00.36 and earlier"
}
]
},
{
"product": "Yamaha Gigabit VPN Router RTX810",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.01.31 and earlier"
}
]
},
{
"product": "Yamaha Firewall FWX120",
"vendor": "Yamaha Corporation",
"versions": [
{
"status": "affected",
"version": "Rev.11.03.25 and earlier"
}
]
},
{
"product": "Biz Box Router N58i, N500, NVR500, and RTX810",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Biz Box Router N58i, and N500",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name": "Yamaha Corporation"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0666",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0516 (GCVE-0-2018-0516)
Vulnerability from cvelistv5 – Published: 2018-02-16 17:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN87403477/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/2018/20180207a.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | FLET'S v4 / v6 address selection tool |
Affected:
all versions
|
Date Public
2018-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#87403477",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FLET\u0027S v4 / v6 address selection tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in FLET\u0027S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#87403477",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLET\u0027S v4 / v6 address selection tool",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FLET\u0027S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#87403477",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87403477/index.html"
},
{
"name": "http://flets-w.com/topics/2018/20180207a.html",
"refsource": "MISC",
"url": "http://flets-w.com/topics/2018/20180207a.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0516",
"datePublished": "2018-02-16T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10825 (GCVE-0-2017-10825)
Vulnerability from cvelistv5 – Published: 2017-11-02 15:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://flets-w.com/topics/setup_tool_vulnerability/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN97243511/278948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Installer of Flets Easy Setup Tool |
Affected:
Ver1.2.0 and earlier
|
Date Public
2017-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Flets Easy Setup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Flets Easy Setup Tool",
"version": {
"version_data": [
{
"version_value": "Ver1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://flets-w.com/topics/setup_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/setup_tool_vulnerability/"
},
{
"name": "https://jvn.jp/en/jp/JVN97243511/278948/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN97243511/278948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10825",
"datePublished": "2017-11-02T15:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10829 (GCVE-0-2017-10829)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN26115441/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/remote_support_vulnerability/ | x_refsource_CONFIRM |
| https://flets.com/osa/remote/pc_tool.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Remote Support Tool (Enkaku Support Tool) |
Affected:
All versions distributed through the website till 2017 August 10
|
Date Public
2017-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
},
{
"product": "Remote Support Tool (Enkaku Support Tool)",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 10"
}
]
}
],
"datePublic": "2017-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26115441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flets.com/osa/remote/pc_tool.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product": {
"product_data": [
{
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10829",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10828 (GCVE-0-2017-10828)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14926025/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/inst_tool_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Install Tool |
Affected:
All versions distributed through the website till 2017 August 8
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14926025",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Install Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions distributed through the website till 2017 August 8"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14926025",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Install Tool",
"version": {
"version_data": [
{
"version_value": "All versions distributed through the website till 2017 August 8"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14926025",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14926025/index.html"
},
{
"name": "http://flets-w.com/topics/inst_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/inst_tool_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10828",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10827 (GCVE-0-2017-10827)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14658714/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/azukeru_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Azukeru for Windows Auto Backup Tool |
Affected:
v1.0.3.0 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14658714",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Azukeru for Windows Auto Backup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "v1.0.3.0 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14658714",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Azukeru for Windows Auto Backup Tool",
"version": {
"version_data": [
{
"version_value": "v1.0.3.0 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14658714",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14658714/index.html"
},
{
"name": "http://flets-w.com/topics/azukeru_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/azukeru_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10827",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2242 (GCVE-0-2017-2242)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN22272314/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/setsuzoku_tool_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Flets Setsuzoku Tool for Windows |
Affected:
All versions
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#22272314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flets Setsuzoku Tool for Windows",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#22272314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flets Setsuzoku Tool for Windows",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#22272314",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN22272314/index.html"
},
{
"name": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2242",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10830 (GCVE-0-2017-10830)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN36303528/index.html | third-party-advisoryx_refsource_JVN |
| http://f-security.jp/v6/support/information/100161.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Security Setup Tool |
Affected:
All versions
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#36303528",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://f-security.jp/v6/support/information/100161.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Setup Tool",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#36303528",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://f-security.jp/v6/support/information/100161.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Setup Tool",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#36303528",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN36303528/index.html"
},
{
"name": "http://f-security.jp/v6/support/information/100161.html",
"refsource": "MISC",
"url": "http://f-security.jp/v6/support/information/100161.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10830",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10826 (GCVE-0-2017-10826)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN11601216/index.html | third-party-advisoryx_refsource_JVN |
| http://flets-w.com/topics/mihariban_vulnerability/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION | Security Kinou Mihariban |
Affected:
v1.0.21 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#11601216",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Kinou Mihariban",
"vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
"versions": [
{
"status": "affected",
"version": "v1.0.21 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#11601216",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Kinou Mihariban",
"version": {
"version_data": [
{
"version_value": "v1.0.21 and earlier"
}
]
}
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#11601216",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN11601216/index.html"
},
{
"name": "http://flets-w.com/topics/mihariban_vulnerability/",
"refsource": "MISC",
"url": "http://flets-w.com/topics/mihariban_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10826",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}