Sign-up

ID

VAR-201901-0720


CVE

CVE-2018-0666


TITLE

Multiple script injection vulnerabilities in multiple Yamaha network devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-000093

DESCRIPTION

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665. The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74). The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0665 Hayato Doi of Kanazawa Institute of Technology CVE-2018-0666 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the management screen. The embedded script may be executed when another administrator logs into the screen. Yamaha Broadband VoIP Router RT57i and so on are all Yamaha Corporation router products. A security vulnerability exists in the management interface in several Yamaha products

Trust: 2.25

sources: NVD: CVE-2018-0666 // JVNDB: JVNDB-2018-000093 // CNVD: CNVD-2018-16849 // VULHUB: VHN-118868

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-16849

AFFECTED PRODUCTS

vendor:yamahamodel:rt57iscope:lteversion:rev.8.00.95

Trust: 1.0

vendor:yamahamodel:nvr500scope:lteversion:rev.11.00.36

Trust: 1.0

vendor:yamahamodel:rtx810scope:lteversion:rev.11.01.31

Trust: 1.0

vendor:yamahamodel:rt58iscope:lteversion:rev.9.01.51

Trust: 1.0

vendor:yamahamodel:fwx120scope:lteversion:firewall rev.11.03.25

Trust: 0.8

vendor:yamahamodel:nvr500scope:lteversion:broadband voip router rev.11.00.36

Trust: 0.8

vendor:yamahamodel:rt57iscope:lteversion:broadband voip router rev.8.00.95

Trust: 0.8

vendor:yamahamodel:rt58iscope:lteversion:broadband voip router rev.9.01.51

Trust: 0.8

vendor:yamahamodel:rtx810scope:lteversion:gigabit vpn router rev.11.01.31

Trust: 0.8

vendor:yamahamodel:firewall fwx120 <=rev.11.03.25scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router rt57i <=rev.8.00.95scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router rt58i <=rev.9.01.51scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router nvr500 <=rev.11.00.36scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit vpn router rtx810 <=rev.11.01.33scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-16849 // JVNDB: JVNDB-2018-000093 // NVD: CVE-2018-0666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0666
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2018-000093
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-16849
value: LOW

Trust: 0.6

CNNVD: CNNVD-201809-341
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118868
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0666
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000093
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-16849
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118868
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0666
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000093
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-16849 // VULHUB: VHN-118868 // JVNDB: JVNDB-2018-000093 // CNNVD: CNNVD-201809-341 // NVD: CVE-2018-0666

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-79

Trust: 0.8

problemtype:CWE-74

Trust: 0.1

sources: VULHUB: VHN-118868 // JVNDB: JVNDB-2018-000093 // NVD: CVE-2018-0666

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-341

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-341

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000093

PATCH
title:Yamaha Corporation websiteurl:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html
Trust: 0.8
title:NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION websiteurl:https://web116.jp/ced/support/news/contents/2018/20180829b.html
Trust: 0.8
title:NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION websiteurl:https://flets-w.com/solution/kiki_info/info/180829.html
Trust: 0.8
title:Patches for Script Injection Vulnerability (CNVD-2018-16849) for Yamaha Corporation's Multiple Productsurl:https://www.cnvd.org.cn/patchInfo/show/138963
Trust: 0.6
title:Multiple Yamaha Corporation Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84655
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16849 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-341

EXTERNAL IDS
db:JVNid:JVN69967692
Trust: 3.1
db:NVDid:CVE-2018-0666
Trust: 3.1
db:JVNDBid:JVNDB-2018-000093
Trust: 0.8
db:CNNVDid:CNNVD-201809-341
Trust: 0.7
db:CNVDid:CNVD-2018-16849
Trust: 0.6
db:VULHUBid:VHN-118868
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-16849 // 
            
            
            
            VULHUB: VHN-118868 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-341 // 
            
            
            
            NVD: CVE-2018-0666

REFERENCES
url:https://jvn.jp/en/jp/jvn69967692/index.html
Trust: 2.5
url:http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn69967692.html
Trust: 1.7
url:https://flets-w.com/solution/kiki_info/info/180829.html
Trust: 1.7
url:https://web116.jp/ced/support/news/contents/2018/20180829b.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0665
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0666
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0665
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0666
Trust: 0.8
url:https://jvn.jp/en/jp/jvn69967692/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16849 // 
            
            
            
            VULHUB: VHN-118868 // 
            
            
            
            JVNDB: JVNDB-2018-000093 // 
            
            
            
            CNNVD: CNNVD-201809-341 // 
            
            
            
            NVD: CVE-2018-0666

SOURCES
db:CNVDid:CNVD-2018-16849
db:VULHUBid:VHN-118868
db:JVNDBid:JVNDB-2018-000093
db:CNNVDid:CNNVD-201809-341
db:NVDid:CVE-2018-0666

LAST UPDATE DATE
2024-11-23T22:06:21.259000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-16849date:2018-08-30T00:00:00
db:VULHUBid:VHN-118868date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-000093date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201809-341date:2020-10-22T00:00:00
db:NVDid:CVE-2018-0666date:2024-11-21T03:38:42.007

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-16849date:2018-08-30T00:00:00
db:VULHUBid:VHN-118868date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2018-000093date:2018-08-29T00:00:00
db:CNNVDid:CNNVD-201809-341date:2018-09-10T00:00:00
db:NVDid:CVE-2018-0666date:2019-01-09T23:29:01.467