Search

Find a vulnerability

Search criteria

    19 vulnerabilities by Yamaha Corporation

    JVNDB-2024-001062

    Vulnerability from jvndb - Published: 2024-01-24 17:16 - Updated:2024-03-13 17:24
    Severity
    Summary
    Yamaha wireless LAN access point devices vulnerable to active debug code
    Details
    Active debug code (CWE-489) exists in wireless LAN access point devices provided by Yamaha Corporation. The debug function can be enabled by performing specific operations. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001062.html",
      "dc:date": "2024-03-13T17:24+09:00",
      "dcterms:issued": "2024-01-24T17:16+09:00",
      "dcterms:modified": "2024-03-13T17:24+09:00",
      "description": "Active debug code (CWE-489) exists in wireless LAN access point devices provided by Yamaha Corporation.\r\nThe debug function can be enabled by performing specific operations.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001062.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:yamaha:wlx202_firmware",
          "@product": "WLX202 firmware",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:wlx212_firmware",
          "@product": "WLX212 firmware",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:wlx222_firmware",
          "@product": "WLX222 firmware",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:wlx313_firmware",
          "@product": "WLX313 firmware",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:wlx413_firmware",
          "@product": "WLX413 firmware",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-001062",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU99896362/index.html",
          "@id": "JVNVU#99896362",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-22366",
          "@id": "CVE-2024-22366",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22366",
          "@id": "CVE-2024-22366",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/489.html",
          "@id": "CWE-489",
          "@title": "Active Debug Code(CWE-489)"
        }
      ],
      "title": "Yamaha wireless LAN access point devices vulnerable to active debug code"
    }

    JVNDB-2021-003929

    Vulnerability from jvndb - Published: 2021-12-24 10:51 - Updated:2021-12-24 10:51
    Severity
    Summary
    Multiple vulnerabilities in multiple Yamaha routers
    Details
    Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities listed below. * Cross-site script inclusion (CWE-829) - CVE-2021-20843 * Improper neutralization of HTTP request headers for scripting syntax (CWE-644) - CVE-2021-20844 Shoji Baba of IERAE SECURITY INC. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003929.html",
      "dc:date": "2021-12-24T10:51+09:00",
      "dcterms:issued": "2021-12-24T10:51+09:00",
      "dcterms:modified": "2021-12-24T10:51+09:00",
      "description": "Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities listed below.\r\n\r\n  * Cross-site script inclusion (CWE-829) - CVE-2021-20843\r\n  * Improper neutralization of HTTP request headers for scripting syntax (CWE-644) - CVE-2021-20844\r\n\r\nShoji Baba of IERAE SECURITY INC. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003929.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:yamaha:nvr510_firmware",
          "@product": "NVR510",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:nvr700w_firmware",
          "@product": "NVR700W",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx1210_firmware",
          "@product": "RTX1210",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx830_firmware",
          "@product": "RTX830",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "3.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-003929",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
          "@id": "JVNVU#91161784",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20843",
          "@id": "CVE-2021-20843",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20844",
          "@id": "CVE-2021-20844",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20843",
          "@id": "CVE-2021-20843",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20844",
          "@id": "CVE-2021-20844",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/644.html",
          "@id": "CWE-644",
          "@title": "Improper Neutralization of HTTP Headers for Scripting Syntax(CWE-644)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/829.html",
          "@id": "CWE-829",
          "@title": "Inclusion of Functionality from Untrusted Control Sphere(CWE-829)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple Yamaha routers"
    }

    JVNDB-2020-000021

    Vulnerability from jvndb - Published: 2020-03-31 17:44 - Updated:2020-04-01 18:38
    Severity
    Summary
    Multiple Yamaha network devices vulnerable to denial-of-service (DoS)
    Details
    Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability. NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000021.html",
      "dc:date": "2020-04-01T18:38+09:00",
      "dcterms:issued": "2020-03-31T17:44+09:00",
      "dcterms:modified": "2020-04-01T18:38+09:00",
      "description": "Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability.\r\n\r\nNIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000021.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:yamaha:fwx120_firmware",
          "@product": "FWX120",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:nvr500_firmware",
          "@product": "NVR500",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:nvr510_firmware",
          "@product": "NVR510",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:nvr700w_firmware",
          "@product": "NVR700W",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx1200_firmware",
          "@product": "RTX1200",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx1210_firmware",
          "@product": "RTX1210",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx3500_firmware",
          "@product": "RTX3500",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx5000_firmware",
          "@product": "RTX5000",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx810_firmware",
          "@product": "RTX810",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx830_firmware",
          "@product": "RTX830",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.1",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "@version": "2.0"
        },
        {
          "@score": "5.9",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000021",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN38732359/index.html",
          "@id": "JVN#38732359",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5548",
          "@id": "CVE-2020-5548",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5548",
          "@id": "CVE-2020-5548",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple Yamaha network devices vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2018-000093

    Vulnerability from jvndb - Published: 2018-08-29 18:01 - Updated:2019-08-27 17:53
    Severity
    Summary
    Multiple script injection vulnerabilities in multiple Yamaha network devices
    Details
    The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
      "dc:date": "2019-08-27T17:53+09:00",
      "dcterms:issued": "2018-08-29T18:01+09:00",
      "dcterms:modified": "2019-08-27T17:53+09:00",
      "description": "The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2018-0665\r\nHayato Doi of Kanazawa Institute of Technology\r\n\r\nCVE-2018-0666\r\nTomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:yamaha:fwx120_firmware",
          "@product": "FWX120",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:nvr500_firmware",
          "@product": "NVR500",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rt57i_firmware",
          "@product": "RT57i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rt58i_firmware",
          "@product": "RT58i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rtx810_firmware",
          "@product": "RTX810",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "2.7",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000093",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN69967692/index.html",
          "@id": "JVN#69967692",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0665",
          "@id": "CVE-2018-0665",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0666",
          "@id": "CVE-2018-0666",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0665",
          "@id": "CVE-2018-0665",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0666",
          "@id": "CVE-2018-0666",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple script injection vulnerabilities in multiple Yamaha network devices"
    }

    JVNDB-2011-000024

    Vulnerability from jvndb - Published: 2011-05-11 08:32 - Updated:2011-05-31 10:39
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Yamaha routers vulnerable to denial-of-service (DoS)
    Details
    Multiple routers provided by Yamaha contain a denial-of-service vulnerability. Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000024.html",
      "dc:date": "2011-05-31T10:39+09:00",
      "dcterms:issued": "2011-05-11T08:32+09:00",
      "dcterms:modified": "2011-05-31T10:39+09:00",
      "description": "Multiple routers provided by Yamaha contain a denial-of-service vulnerability.\r\n\r\nMultiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000024.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:nec:ip38x",
          "@product": "IP38X SERIES",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt",
          "@product": "RT Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rta",
          "@product": "RTA Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtv",
          "@product": "RTV Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtw",
          "@product": "RTW Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx",
          "@product": "RTX Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:srt",
          "@product": "SRT Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000024",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN55714408",
          "@id": "JVN#55714408",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1323",
          "@id": "CVE-2011-1323",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1323",
          "@id": "CVE-2011-1323",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/201104_Yamaha_en.html",
          "@id": "Security Alert for Vulnerability in Yamaha Routers",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "Multiple Yamaha routers vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2009-000068

    Vulnerability from jvndb - Published: 2009-10-26 15:58 - Updated:2010-01-25 12:02
    Severity
    N/A (UNKNOWN) - -
    Summary
    Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
    Details
    Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks. Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility. For more information, refer to the vendor's website. Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership. The reporters would also like to thank the following for the analysis of the vulnerability: Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
      "dc:date": "2010-01-25T12:02+09:00",
      "dcterms:issued": "2009-10-26T15:58+09:00",
      "dcterms:modified": "2010-01-25T12:02+09:00",
      "description": "Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.\r\n\r\nImplementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.\r\n\r\nFor more information, refer to the vendor\u0027s website.\r\n\r\nAkira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.\r\n\r\nThe reporters would also like to thank the following for the analysis of the vulnerability:\r\nShinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:furukawa_electric:fitelnet-f",
          "@product": "FITELnet-F Series",
          "@vendor": "THE FURUKAWA ELECTRIC CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:nec:ip38x",
          "@product": "IP38X SERIES",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt105",
          "@product": "RT105 Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt107e",
          "@product": "RT107e",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt140",
          "@product": "RT140 Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt250i",
          "@product": "RT250i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt300i",
          "@product": "RT300i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt56v",
          "@product": "RT56v",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt60w",
          "@product": "RT60w",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rta54i",
          "@product": "RTA54i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rta55i",
          "@product": "RTA55i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtv700",
          "@product": "RTV700",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtw65b",
          "@product": "RTW65b",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtw65i",
          "@product": "RTW65i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx1000",
          "@product": "RTX1000",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx1100",
          "@product": "RTX1100",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx1500",
          "@product": "RTX1500",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx2000",
          "@product": "RTX2000",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx3000",
          "@product": "RTX3000",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:srt100",
          "@product": "SRT100",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rt57i_firmware",
          "@product": "RT57i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:yamaha:rt58i_firmware",
          "@product": "RT58i",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000068",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN75368899/index.html",
          "@id": "JVN#75368899",
          "@source": "JVN"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc4942.txt",
          "@id": "RFC4942",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc3971.txt",
          "@id": "RFC3971",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc3972.txt",
          "@id": "RFC3972",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc4861.txt",
          "@id": "RFC4861",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc4862.txt",
          "@id": "RFC4862",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc3756.txt",
          "@id": "RFC3756",
          "@source": "IETF"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc4890.txt",
          "@id": "RFC4890",
          "@source": "IETF"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks"
    }

    JVNDB-2008-000005

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple Yamaha routers vulnerable to cross-site request forgery
    Details
    The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000005.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery.\r\n\r\nMultiple Yamaha routers provide a web-based interface for users to configure the settings of the routers.\r\nThe web interface is vulnerable to cross-site request forgery.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000005.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:nec:ip38x",
          "@product": "IP38X SERIES",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:netvolante",
          "@product": "NetVolante Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rt",
          "@product": "RT Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtv",
          "@product": "RTV Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:rtx",
          "@product": "RTX Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:yamaha:srt",
          "@product": "SRT Series",
          "@vendor": "Yamaha Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:A/AC:H/Au:N/C:N/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-000005",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN88575577/index.html",
          "@id": "JVN#88575577",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0524",
          "@id": "CVE-2008-0524",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0524",
          "@id": "CVE-2008-0524",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/200801_Yamaha_press_en.html",
          "@id": "Security Alert for Vulnerability in Multiple YAMAHA Routers",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://secunia.com/advisories/28690",
          "@id": "SA28690",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/27491",
          "@id": "27491",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/40015",
          "@id": "40015",
          "@source": "XF"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple Yamaha routers vulnerable to cross-site request forgery"
    }

    CVE-2024-22366 (GCVE-0-2024-22366)

    Vulnerability from nvd – Published: 2024-01-24 04:35 – Updated: 2025-06-20 19:27
    VLAI
    Summary
    Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Active debug code
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation WLX222 Affected: firmware Rev.24.00.03 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX413 Affected: firmware Rev.22.00.05 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX212 Affected: firmware Rev.21.00.12 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX313 Affected: firmware Rev.18.00.12 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX202 Affected: firmware Rev.16.00.18 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99896362/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T16:37:23.887340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T19:27:11.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WLX222",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.24.00.03 and earlier"
                }
              ]
            },
            {
              "product": "WLX413",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.22.00.05 and earlier"
                }
              ]
            },
            {
              "product": "WLX212",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.21.00.12 and earlier"
                }
              ]
            },
            {
              "product": "WLX313",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.18.00.12 and earlier"
                }
              ]
            },
            {
              "product": "WLX202",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.16.00.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device\u0027s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Active debug code",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-24T04:35:55.337Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99896362/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-22366",
        "datePublished": "2024-01-24T04:35:55.337Z",
        "dateReserved": "2024-01-09T07:04:26.494Z",
        "dateUpdated": "2025-06-20T19:27:11.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20844 (GCVE-0-2021-20844)

    Vulnerability from nvd – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation RTX830, NVR510, NVR700W, RTX1210 Affected: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RTX830, NVR510, NVR700W, RTX1210",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T08:25:45.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20844",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RTX830, NVR510, NVR700W, RTX1210",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of HTTP Headers for Scripting Syntax"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
                  "refsource": "MISC",
                  "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
                },
                {
                  "name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
                  "refsource": "MISC",
                  "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20844",
        "datePublished": "2021-11-24T08:25:45.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20843 (GCVE-0-2021-20843)

    Vulnerability from nvd – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
    Severity
    No CVSS data available.
    CWE
    • Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation RTX830, NVR510, NVR700W, RTX1210 Affected: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RTX830, NVR510, NVR700W, RTX1210",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T08:25:44.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20843",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RTX830, NVR510, NVR700W, RTX1210",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Inclusion of Functionality from Untrusted Control Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
                  "refsource": "MISC",
                  "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
                },
                {
                  "name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
                  "refsource": "MISC",
                  "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20843",
        "datePublished": "2021-11-24T08:25:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5548 (GCVE-0-2020-5548)

    Vulnerability from nvd – Published: 2020-04-01 11:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yamaha Corporation Yamaha network devices Affected: Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha network devices",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-01T11:15:15.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha network devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial-of-service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38732359/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5548",
        "datePublished": "2020-04-01T11:15:15.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0666 (GCVE-0-2018-0666)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
    Severity
    No CVSS data available.
    CWE
    • Script Injection
    Assigner
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
              },
              {
                "name": "JVN#69967692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha Broadband VoIP Router RT57i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.8.00.95 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router RT58i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.9.01.51 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router NVR500",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.00.36 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Gigabit VPN Router RTX810",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.01.31 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Firewall FWX120",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.03.25 and earlier"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, N500, NVR500, and RTX810",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, and N500",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "JVN#69967692",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0666",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT57i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.8.00.95 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT58i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.9.01.51 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router NVR500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.00.36 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Gigabit VPN Router RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.01.31 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Firewall FWX120",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.03.25 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, and N500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
                  "refsource": "MISC",
                  "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
                },
                {
                  "name": "JVN#69967692",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
                },
                {
                  "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
                  "refsource": "MISC",
                  "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0666",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0665 (GCVE-0-2018-0665)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
    Severity
    No CVSS data available.
    CWE
    • Script Injection
    Assigner
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
              },
              {
                "name": "JVN#69967692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha Broadband VoIP Router RT57i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.8.00.95 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router RT58i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.9.01.51 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router NVR500",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.00.36 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Gigabit VPN Router RTX810",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.01.31 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Firewall FWX120",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.03.25 and earlier"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, N500, NVR500, and RTX810",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, and N500",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "JVN#69967692",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT57i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.8.00.95 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT58i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.9.01.51 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router NVR500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.00.36 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Gigabit VPN Router RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.01.31 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Firewall FWX120",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.03.25 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, and N500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
                  "refsource": "MISC",
                  "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
                },
                {
                  "name": "JVN#69967692",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
                },
                {
                  "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
                  "refsource": "MISC",
                  "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0665",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22366 (GCVE-0-2024-22366)

    Vulnerability from cvelistv5 – Published: 2024-01-24 04:35 – Updated: 2025-06-20 19:27
    VLAI
    Summary
    Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Active debug code
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation WLX222 Affected: firmware Rev.24.00.03 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX413 Affected: firmware Rev.22.00.05 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX212 Affected: firmware Rev.21.00.12 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX313 Affected: firmware Rev.18.00.12 and earlier
    Create a notification for this product.
    Yamaha Corporation WLX202 Affected: firmware Rev.16.00.18 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99896362/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T16:37:23.887340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T19:27:11.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WLX222",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.24.00.03 and earlier"
                }
              ]
            },
            {
              "product": "WLX413",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.22.00.05 and earlier"
                }
              ]
            },
            {
              "product": "WLX212",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.21.00.12 and earlier"
                }
              ]
            },
            {
              "product": "WLX313",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.18.00.12 and earlier"
                }
              ]
            },
            {
              "product": "WLX202",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Rev.16.00.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device\u0027s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Active debug code",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-24T04:35:55.337Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99896362/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-22366",
        "datePublished": "2024-01-24T04:35:55.337Z",
        "dateReserved": "2024-01-09T07:04:26.494Z",
        "dateUpdated": "2025-06-20T19:27:11.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20844 (GCVE-0-2021-20844)

    Vulnerability from cvelistv5 – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation RTX830, NVR510, NVR700W, RTX1210 Affected: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RTX830, NVR510, NVR700W, RTX1210",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T08:25:45.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20844",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RTX830, NVR510, NVR700W, RTX1210",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of HTTP Headers for Scripting Syntax"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
                  "refsource": "MISC",
                  "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
                },
                {
                  "name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
                  "refsource": "MISC",
                  "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20844",
        "datePublished": "2021-11-24T08:25:45.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20843 (GCVE-0-2021-20843)

    Vulnerability from cvelistv5 – Published: 2021-11-24 08:25 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
    Severity
    No CVSS data available.
    CWE
    • Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Yamaha Corporation RTX830, NVR510, NVR700W, RTX1210 Affected: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RTX830, NVR510, NVR700W, RTX1210",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-24T08:25:44.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20843",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RTX830, NVR510, NVR700W, RTX1210",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Inclusion of Functionality from Untrusted Control Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
                  "refsource": "MISC",
                  "url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
                },
                {
                  "name": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
                  "refsource": "MISC",
                  "url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20843",
        "datePublished": "2021-11-24T08:25:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5548 (GCVE-0-2020-5548)

    Vulnerability from cvelistv5 – Published: 2020-04-01 11:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Denial-of-service (DoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yamaha Corporation Yamaha network devices Affected: Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha network devices",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-01T11:15:15.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha network devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial-of-service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38732359/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38732359/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5548",
        "datePublished": "2020-04-01T11:15:15.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0666 (GCVE-0-2018-0666)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.
    Severity
    No CVSS data available.
    CWE
    • Script Injection
    Assigner
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
              },
              {
                "name": "JVN#69967692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha Broadband VoIP Router RT57i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.8.00.95 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router RT58i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.9.01.51 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router NVR500",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.00.36 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Gigabit VPN Router RTX810",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.01.31 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Firewall FWX120",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.03.25 and earlier"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, N500, NVR500, and RTX810",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, and N500",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "JVN#69967692",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0666",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT57i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.8.00.95 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT58i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.9.01.51 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router NVR500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.00.36 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Gigabit VPN Router RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.01.31 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Firewall FWX120",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.03.25 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, and N500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0665."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
                  "refsource": "MISC",
                  "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
                },
                {
                  "name": "JVN#69967692",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
                },
                {
                  "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
                  "refsource": "MISC",
                  "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0666",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0665 (GCVE-0-2018-0665)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
    Severity
    No CVSS data available.
    CWE
    • Script Injection
    Assigner
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
              },
              {
                "name": "JVN#69967692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Yamaha Broadband VoIP Router RT57i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.8.00.95 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router RT58i",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.9.01.51 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Broadband VoIP Router NVR500",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.00.36 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Gigabit VPN Router RTX810",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.01.31 and earlier"
                }
              ]
            },
            {
              "product": "Yamaha Firewall FWX120",
              "vendor": "Yamaha Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rev.11.03.25 and earlier"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, N500, NVR500, and RTX810",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            },
            {
              "product": "Biz Box Router N58i, and N500",
              "vendor": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
            },
            {
              "name": "JVN#69967692",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT57i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.8.00.95 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router RT58i",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.9.01.51 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Broadband VoIP Router NVR500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.00.36 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Gigabit VPN Router RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.01.31 and earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Yamaha Firewall FWX120",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rev.11.03.25 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yamaha Corporation"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Biz Box Router N58i, and N500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user\u0027s web browser. This is a different vulnerability from CVE-2018-0666."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://flets-w.com/solution/kiki_info/info/180829.html",
                  "refsource": "MISC",
                  "url": "https://flets-w.com/solution/kiki_info/info/180829.html"
                },
                {
                  "name": "JVN#69967692",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN69967692/index.html"
                },
                {
                  "name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
                  "refsource": "MISC",
                  "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
                },
                {
                  "name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
                  "refsource": "MISC",
                  "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0665",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }