Sign-up

ID

VAR-201901-0719


CVE

CVE-2018-0665


TITLE

Multiple script injection vulnerabilities in multiple Yamaha network devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-000093

DESCRIPTION

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. YamahaBroadband VoIPRouterRT57i and so on are all Yamaha Corporation router products. NVR500 Broadband VoIP Router is a router. A security vulnerability exists in the management interface in several Yamaha products. The following products and versions are affected: Yamaha Corporation FWX120 Firewall Rev.11.03.25 and earlier; NVR500 Broadband VoIP Router Rev.11.00.36 and earlier; RT57i Broadband VoIP Router Rev.8.00.95 and earlier; RT58i Broadband VoIP Router Rev.9.01.51 and earlier versions; RTX810 Gigabit VPN Router Rev.11.01.33 and earlier versions

Trust: 2.25

sources: NVD: CVE-2018-0665 // JVNDB: JVNDB-2018-000093 // CNVD: CNVD-2018-16850 // VULHUB: VHN-118867

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-16850

AFFECTED PRODUCTS

vendor:yamahamodel:rt57iscope:lteversion:rev.8.00.95

Trust: 1.0

vendor:yamahamodel:nvr500scope:lteversion:rev.11.00.36

Trust: 1.0

vendor:yamahamodel:rtx810scope:lteversion:rev.11.01.31

Trust: 1.0

vendor:yamahamodel:rt58iscope:lteversion:rev.9.01.51

Trust: 1.0

vendor:yamahamodel:fwx120scope:lteversion:firewall rev.11.03.25

Trust: 0.8

vendor:yamahamodel:nvr500scope:lteversion:broadband voip router rev.11.00.36

Trust: 0.8

vendor:yamahamodel:rt57iscope:lteversion:broadband voip router rev.8.00.95

Trust: 0.8

vendor:yamahamodel:rt58iscope:lteversion:broadband voip router rev.9.01.51

Trust: 0.8

vendor:yamahamodel:rtx810scope:lteversion:gigabit vpn router rev.11.01.31

Trust: 0.8

vendor:yamahamodel:firewall fwx120 <=rev.11.03.25scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router rt57i <=rev.8.00.95scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router rt58i <=rev.9.01.51scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router nvr500 <=rev.11.00.36scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit vpn router rtx810 <=rev.11.01.33scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-16850 // JVNDB: JVNDB-2018-000093 // NVD: CVE-2018-0665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0665
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2018-000093
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-16850
value: LOW

Trust: 0.6

CNNVD: CNNVD-201809-340
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118867
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0665
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000093
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-16850
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118867
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0665
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000093
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-16850 // VULHUB: VHN-118867 // JVNDB: JVNDB-2018-000093 // CNNVD: CNNVD-201809-340 // NVD: CVE-2018-0665

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-79

Trust: 0.8

problemtype:CWE-74

Trust: 0.1

sources: VULHUB: VHN-118867 // JVNDB: JVNDB-2018-000093 // NVD: CVE-2018-0665

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-340

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-340

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000093

PATCH
title:Yamaha Corporation websiteurl:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html
Trust: 0.8
title:NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION websiteurl:https://web116.jp/ced/support/news/contents/2018/20180829b.html
Trust: 0.8
title:NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION websiteurl:https://flets-w.com/solution/kiki_info/info/180829.html
Trust: 0.8
title:YamahaCorporation multiple products have script injection vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/138965
Trust: 0.6
title:Multiple Yamaha Corporation Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84654
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16850 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-340

EXTERNAL IDS
db:JVNid:JVN69967692
Trust: 3.1
db:NVDid:CVE-2018-0665
Trust: 3.1
db:JVNDBid:JVNDB-2018-000093
Trust: 0.8
db:CNNVDid:CNNVD-201809-340
Trust: 0.7
db:CNVDid:CNVD-2018-16850
Trust: 0.6
db:VULHUBid:VHN-118867
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-16850 // 
            
            
            
            VULHUB: VHN-118867 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-340 // 
            
            
            
            NVD: CVE-2018-0665

REFERENCES
url:https://jvn.jp/en/jp/jvn69967692/index.html
Trust: 2.5
url:http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html
Trust: 1.7
url:https://flets-w.com/solution/kiki_info/info/180829.html
Trust: 1.7
url:https://web116.jp/ced/support/news/contents/2018/20180829b.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0665
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0666
Trust: 0.8
url:https://jvn.jp/en/jp/jvn69967692/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16850 // 
            
            
            
            VULHUB: VHN-118867 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-340 // 
            
            
            
            NVD: CVE-2018-0665

SOURCES
db:CNVDid:CNVD-2018-16850
db:VULHUBid:VHN-118867
db:JVNDBid:JVNDB-2018-000093
db:CNNVDid:CNNVD-201809-340
db:NVDid:CVE-2018-0665

LAST UPDATE DATE
2024-11-23T22:06:21.289000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-16850date:2018-08-30T00:00:00
db:VULHUBid:VHN-118867date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-000093date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201809-340date:2020-10-22T00:00:00
db:NVDid:CVE-2018-0665date:2024-11-21T03:38:41.873

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-16850date:2018-08-30T00:00:00
db:VULHUBid:VHN-118867date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2018-000093date:2018-08-29T00:00:00
db:CNNVDid:CNNVD-201809-340date:2018-09-10T00:00:00
db:NVDid:CVE-2018-0665date:2019-01-09T23:29:01.373