Lucene search

JpcertCVE-2016-1228

HistoryJul 03, 2016 - 2:59 p.m.

CVE-2016-1228

2016-07-0314:59:02

CWE-352

jpcert

web.nvd.nist.gov

cve-2016-1228

cross-site request forgery

csrf

ntt east

ntt west

hikari denwa

router

firmware

remote attackers

authentication hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.

Affected configurations

Nvd

Node

ntt-westpr-400mi_firmwareRange≤07.00.1005

AND

ntt-westpr-400miMatch-

Node

ntt-westrt-400mi_firmwareRange≤07.00.1005

AND

ntt-westrt-400miMatch-

Node

ntt-westrv-440mi_firmwareRange≤07.00.1005

AND

ntt-westrv-440miMatch-

Node

ntt-eastpr-400mi_firmwareMatch07.00.1006

AND

ntt-eastpr-400miMatch-

Node

ntt-eastrt-400mi_firmwareRange≤07.00.1006

AND

ntt-eastrt-400miMatch-

Node

ntt-eastrv-440mi_firmwareRange≤07.00.1006

AND

ntt-eastrv-440miMatch-

VendorProductVersionCPE
ntt-westpr-400mi_firmware*cpe:2.3:o:ntt-west:pr-400mi_firmware:*:*:*:*:*:*:*:*
ntt-westpr-400mi-cpe:2.3:h:ntt-west:pr-400mi:-:*:*:*:*:*:*:*
ntt-westrt-400mi_firmware*cpe:2.3:o:ntt-west:rt-400mi_firmware:*:*:*:*:*:*:*:*
ntt-westrt-400mi-cpe:2.3:h:ntt-west:rt-400mi:-:*:*:*:*:*:*:*
ntt-westrv-440mi_firmware*cpe:2.3:o:ntt-west:rv-440mi_firmware:*:*:*:*:*:*:*:*
ntt-westrv-440mi-cpe:2.3:h:ntt-west:rv-440mi:-:*:*:*:*:*:*:*
ntt-eastpr-400mi_firmware07.00.1006cpe:2.3:o:ntt-east:pr-400mi_firmware:07.00.1006:*:*:*:*:*:*:*
ntt-eastpr-400mi-cpe:2.3:h:ntt-east:pr-400mi:-:*:*:*:*:*:*:*
ntt-eastrt-400mi_firmware*cpe:2.3:o:ntt-east:rt-400mi_firmware:*:*:*:*:*:*:*:*
ntt-eastrt-400mi-cpe:2.3:h:ntt-east:rt-400mi:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ntt-west	pr-400mi_firmware	*	cpe:2.3:o:ntt-west:pr-400mi_firmware::::::::
ntt-west	pr-400mi	-	cpe:2.3:h:ntt-west:pr-400mi:-:::::::*
ntt-west	rt-400mi_firmware	*	cpe:2.3:o:ntt-west:rt-400mi_firmware::::::::
ntt-west	rt-400mi	-	cpe:2.3:h:ntt-west:rt-400mi:-:::::::*
ntt-west	rv-440mi_firmware	*	cpe:2.3:o:ntt-west:rv-440mi_firmware::::::::
ntt-west	rv-440mi	-	cpe:2.3:h:ntt-west:rv-440mi:-:::::::*
ntt-east	pr-400mi_firmware	07.00.1006	cpe:2.3:o:ntt-east:pr-400mi_firmware:07.00.1006:::::::*
ntt-east	pr-400mi	-	cpe:2.3:h:ntt-east:pr-400mi:-:::::::*
ntt-east	rt-400mi_firmware	*	cpe:2.3:o:ntt-east:rt-400mi_firmware::::::::
ntt-east	rt-400mi	-	cpe:2.3:h:ntt-east:rt-400mi:-:::::::*

Rows per page:

1-10 of 121

References

jvn.jp/en/jp/JVN45034304/index.html

jvndb.jvn.jp/jvndb/JVNDB-2016-000106

web116.jp/ced/support/news/contents/2016/20160627.html

www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVE-2016-1228