Sign-up

ID

VAR-202004-1827


CVE

CVE-2020-5548


TITLE

Interfering with service operations on multiple Yamaha network devices (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-000021

DESCRIPTION

Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. For multiple network devices provided by Yamaha Corporation, service operation interruption due to processing of received packets (DoS) (CWE-400) Vulnerability exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Keio University Faculty of Science and Engineering Department of Computer Science Amano Lab Niwa Naoya MrService operation obstruction by a remote third party (DoS) You may be attacked. Yamaha NVR500 and others are products of Yamaha Corporation of Japan. Yamaha NVR500 is an enterprise router. Yamaha RTX810 is a Gigabit VPN (Virtual Private Network) router. Yamaha FWX120 is a firewall product. Denial of service vulnerabilities exist in many Yamaha products. A remote attacker can use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2020-5548 // JVNDB: JVNDB-2020-000021 // CNVD: CNVD-2020-21477

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21477

AFFECTED PRODUCTS

vendor:yamahamodel:rtx5000scope:lteversion:14.00.26

Trust: 1.0

vendor:yamahamodel:nvr510scope:lteversion:15.01.14

Trust: 1.0

vendor:yamahamodel:rtx1200scope:lteversion:10.01.76

Trust: 1.0

vendor:yamahamodel:nvr700wscope:lteversion:15.00.15

Trust: 1.0

vendor:yamahamodel:fwx120scope:lteversion:11.03.27

Trust: 1.0

vendor:yamahamodel:rtx3500scope:lteversion:14.00.26

Trust: 1.0

vendor:yamahamodel:rtx830scope:lteversion:15.02.09

Trust: 1.0

vendor:yamahamodel:rtx810scope:lteversion:11.01.33

Trust: 1.0

vendor:yamahamodel:nvr500scope:lteversion:11.00.38

Trust: 1.0

vendor:yamahamodel:rtx1210scope:lteversion:14.01.33

Trust: 1.0

vendor:yamahamodel:fwx120scope:eqversion:ファームウェア rev.11.03.27

Trust: 0.8

vendor:yamahamodel:nvr500scope:eqversion:ファームウェア rev.11.00.38

Trust: 0.8

vendor:yamahamodel:nvr510scope:eqversion:ファームウェア rev.15.01.14

Trust: 0.8

vendor:yamahamodel:nvr700wscope:eqversion:ファームウェア rev.15.00.15

Trust: 0.8

vendor:yamahamodel:rtx1200scope:eqversion:ファームウェア rev.10.01.76

Trust: 0.8

vendor:yamahamodel:rtx1210scope:eqversion:ファームウェア rev.14.01.33

Trust: 0.8

vendor:yamahamodel:rtx3500scope:eqversion:ファームウェア rev.14.00.26

Trust: 0.8

vendor:yamahamodel:rtx5000scope:eqversion:ファームウェア rev.14.00.26

Trust: 0.8

vendor:yamahamodel:rtx810scope:eqversion:ファームウェア rev.11.01.33

Trust: 0.8

vendor:yamahamodel:rtx830scope:eqversion:ファームウェア rev.15.02.09

Trust: 0.8

vendor:yamahamodel:lte voip router nvr700w <=rev.15.00.15scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit voip router nvr510 <=rev.15.01.14scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit vpn router rtx810 <=rev.11.01.33scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit vpn router rtx830 <=rev.15.02.09scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit vpn router rtx1200 <=rev.10.01.76scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit voip router rtx1210 <=rev.14.01.33scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit voip router rtx3500 <=rev.14.00.26scope: - version: -

Trust: 0.6

vendor:yamahamodel:gigabit voip router rtx5000 <=rev.14.00.26scope: - version: -

Trust: 0.6

vendor:yamahamodel:broadband voip router nvr500 <=rev.11.00.38scope: - version: -

Trust: 0.6

vendor:yamahamodel:firewall fwx120 <=rev.11.03.27scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-21477 // JVNDB: JVNDB-2020-000021 // NVD: CVE-2020-5548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5548
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-000021
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-21477
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1751
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5548
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-000021
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21477
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5548
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000021
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21477 // JVNDB: JVNDB-2020-000021 // CNNVD: CNNVD-202003-1751 // NVD: CVE-2020-5548

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-000021 // NVD: CVE-2020-5548

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1751

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1751

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-000021

PATCH
title:「ヤマハ製の複数のネットワーク機器におけるサービス運用妨害 (DoS) の脆弱性」について url:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html
Trust: 0.8
title:Biz Boxルータをご利用のお客さまへurl:https://flets-w.com/solution/kiki_info/info/200331.html
Trust: 0.8
title:BizBoxルータ・ヤマハルータをご利用のお客さまへurl:https://web116.jp/ced/support/news/contents/2020/20200331.html
Trust: 0.8
title:Patch for Multiple Yamaha product denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/212643
Trust: 0.6
title:Multiple Yamaha Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115376
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21477 // 
            
            
            
            JVNDB: JVNDB-2020-000021 // 
            
            
            
            CNNVD: CNNVD-202003-1751

EXTERNAL IDS
db:JVNid:JVN38732359
Trust: 3.0
db:NVDid:CVE-2020-5548
Trust: 3.0
db:JVNDBid:JVNDB-2020-000021
Trust: 0.8
db:CNVDid:CNVD-2020-21477
Trust: 0.6
db:CNNVDid:CNNVD-202003-1751
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21477 // 
            
            
            
            JVNDB: JVNDB-2020-000021 // 
            
            
            
            CNNVD: CNNVD-202003-1751 // 
            
            
            
            NVD: CVE-2020-5548

REFERENCES
url:https://jvn.jp/en/jp/jvn38732359/index.html
Trust: 1.6
url:http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn38732359.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5548
Trust: 0.8
url:https://jvn.jp/jp/jvn38732359/index.html
Trust: 0.8
url:https://jvn.jp/en/jp/jvn38732359/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5548
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-21477 // 
            
            
            
            JVNDB: JVNDB-2020-000021 // 
            
            
            
            CNNVD: CNNVD-202003-1751 // 
            
            
            
            NVD: CVE-2020-5548

SOURCES
db:CNVDid:CNVD-2020-21477
db:JVNDBid:JVNDB-2020-000021
db:CNNVDid:CNNVD-202003-1751
db:NVDid:CVE-2020-5548

LAST UPDATE DATE
2024-11-23T23:04:24.625000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21477date:2020-04-05T00:00:00
db:JVNDBid:JVNDB-2020-000021date:2020-04-01T00:00:00
db:CNNVDid:CNNVD-202003-1751date:2020-05-12T00:00:00
db:NVDid:CVE-2020-5548date:2024-11-21T05:34:15.293

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21477date:2020-04-05T00:00:00
db:JVNDBid:JVNDB-2020-000021date:2020-03-31T00:00:00
db:CNNVDid:CNNVD-202003-1751date:2020-03-31T00:00:00
db:NVDid:CVE-2020-5548date:2020-04-01T12:15:15.210