Japan Vulnerability NotesJVN:43172719JVN#43172719: Multiple vulnerabilities in Hikari Denwa router/Home GateWay
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
49.0%
Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below.
Cross-site Scripting (CWE-79) - CVE-2019-5985
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
| CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Cross-site Request Forgery (CWE-352) - CVE-2019-5986
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | Base Score: 6.5 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Impact
- An arbitrary script may be executed on the user’s web browser - CVE-2019-5985
- If a user who is logging into the device accesses a specially crafted web page, unintended operations may be conducted - CVE-2019-5986
Solution
Update the firmware
Apply the appropriate firmware update according to the information provided by the developer.
Products Affected
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
- PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier
- PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier
- PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier
- PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier
- PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier
- PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier
- PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier
- RS-500KI firmware version Ver.01.00.0070 and earlier
- PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier
- RS-500MI firmware version Ver.03.01.0019 and earlier
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION - PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier
- PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier
- PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier
- PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier
- PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier
- PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier
- PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier
- PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
49.0%