Vulnerabilites related to Yamaha Corporation - RT57i
jvndb-2018-000093
Vulnerability from jvndb
Published
2018-08-29 18:01
Modified
2019-08-27 17:53
Severity ?
Summary
Multiple script injection vulnerabilities in multiple Yamaha network devices
Details
The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).
The following researchers reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0665
Hayato Doi of Kanazawa Institute of Technology
CVE-2018-0666
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
"dc:date": "2019-08-27T17:53+09:00",
"dcterms:issued": "2018-08-29T18:01+09:00",
"dcterms:modified": "2019-08-27T17:53+09:00",
"description": "The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities (CWE-74).\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2018-0665\r\nHayato Doi of Kanazawa Institute of Technology\r\n\r\nCVE-2018-0666\r\nTomonori Yamamoto of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000093.html",
"sec:cpe": [
{
"#text": "cpe:/o:yamaha:fwx120_firmware",
"@product": "FWX120",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:nvr500_firmware",
"@product": "NVR500",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt57i_firmware",
"@product": "RT57i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt58i_firmware",
"@product": "RT58i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rtx810_firmware",
"@product": "RTX810",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000093",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN69967692/index.html",
"@id": "JVN#69967692",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0665",
"@id": "CVE-2018-0665",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0666",
"@id": "CVE-2018-0666",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0665",
"@id": "CVE-2018-0665",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0666",
"@id": "CVE-2018-0666",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple script injection vulnerabilities in multiple Yamaha network devices"
}
jvndb-2009-000068
Vulnerability from jvndb
Published
2009-10-26 15:58
Modified
2010-01-25 12:02
Summary
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Details
Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.
Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.
For more information, refer to the vendor's website.
Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.
The reporters would also like to thank the following for the analysis of the vulnerability:
Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN75368899/index.html | |
| IETF | http://www.ietf.org/rfc/rfc4942.txt | |
| IETF | http://www.ietf.org/rfc/rfc3971.txt | |
| IETF | http://www.ietf.org/rfc/rfc3972.txt | |
| IETF | http://www.ietf.org/rfc/rfc4861.txt | |
| IETF | http://www.ietf.org/rfc/rfc4862.txt | |
| IETF | http://www.ietf.org/rfc/rfc3756.txt | |
| IETF | http://www.ietf.org/rfc/rfc4890.txt | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
"dc:date": "2010-01-25T12:02+09:00",
"dcterms:issued": "2009-10-26T15:58+09:00",
"dcterms:modified": "2010-01-25T12:02+09:00",
"description": "Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.\r\n\r\nImplementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.\r\n\r\nFor more information, refer to the vendor\u0027s website.\r\n\r\nAkira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.\r\n\r\nThe reporters would also like to thank the following for the analysis of the vulnerability:\r\nShinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
"sec:cpe": [
{
"#text": "cpe:/h:furukawa_electric:fitelnet-f",
"@product": "FITELnet-F Series",
"@vendor": "THE FURUKAWA ELECTRIC CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:ip38x",
"@product": "IP38X SERIES",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt105",
"@product": "RT105 Series",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt107e",
"@product": "RT107e",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt140",
"@product": "RT140 Series",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt250i",
"@product": "RT250i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt300i",
"@product": "RT300i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt56v",
"@product": "RT56v",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt60w",
"@product": "RT60w",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rta54i",
"@product": "RTA54i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rta55i",
"@product": "RTA55i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtv700",
"@product": "RTV700",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtw65b",
"@product": "RTW65b",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtw65i",
"@product": "RTW65i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1000",
"@product": "RTX1000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1100",
"@product": "RTX1100",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1500",
"@product": "RTX1500",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx2000",
"@product": "RTX2000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx3000",
"@product": "RTX3000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:srt100",
"@product": "SRT100",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt57i_firmware",
"@product": "RT57i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt58i_firmware",
"@product": "RT58i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000068",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75368899/index.html",
"@id": "JVN#75368899",
"@source": "JVN"
},
{
"#text": "http://www.ietf.org/rfc/rfc4942.txt",
"@id": "RFC4942",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3971.txt",
"@id": "RFC3971",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3972.txt",
"@id": "RFC3972",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4861.txt",
"@id": "RFC4861",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4862.txt",
"@id": "RFC4862",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3756.txt",
"@id": "RFC3756",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4890.txt",
"@id": "RFC4890",
"@source": "IETF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks"
}