TROYANOSYVIRUS
Volver a CVEs

CVE-2019-5985

MEDIUM
6.1

Descripcion

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Detalles CVE

Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado9/12/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

ntt-east:pr-400kintt-east:pr-400ki_firmwarentt-east:pr-400mintt-east:pr-400mi_firmwarentt-east:pr-400nentt-east:pr-400ne_firmwarentt-east:pr-500kintt-east:pr-500ki_firmwarentt-east:pr-500mintt-east:pr-500mi_firmwarentt-east:pr-s300hintt-east:pr-s300hi_firmwarentt-east:pr-s300nentt-east:pr-s300ne_firmwarentt-east:pr-s300sentt-east:pr-s300se_firmwarentt-east:rs-500kintt-east:rs-500ki_firmwarentt-east:rs-500mintt-east:rs-500mi_firmwarentt-east:rt-400kintt-east:rt-400ki_firmwarentt-east:rt-400mintt-east:rt-400mi_firmwarentt-east:rt-400nentt-east:rt-400ne_firmwarentt-east:rt-500kintt-east:rt-500ki_firmwarentt-east:rt-500mintt-east:rt-500mi_firmwarentt-east:rt-s300hintt-east:rt-s300hi_firmwarentt-east:rt-s300nentt-east:rt-s300ne_firmwarentt-east:rt-s300sentt-east:rt-s300se_firmwarentt-east:rv-440kintt-east:rv-440ki_firmwarentt-east:rv-440mintt-east:rv-440mi_firmwarentt-east:rv-440nentt-east:rv-440ne_firmwarentt-east:rv-s340hintt-east:rv-s340hi_firmwarentt-east:rv-s340nentt-east:rv-s340ne_firmwarentt-east:rv-s340sentt-east:rv-s340se_firmwarentt-west:pr-400kintt-west:pr-400ki_firmwarentt-west:pr-400mintt-west:pr-400mi_firmwarentt-west:pr-400nentt-west:pr-400ne_firmwarentt-west:pr-500kintt-west:pr-500ki_firmwarentt-west:pr-500mintt-west:pr-500mi_firmwarentt-west:pr-s300hintt-west:pr-s300hi_firmwarentt-west:pr-s300nentt-west:pr-s300ne_firmwarentt-west:pr-s300sentt-west:pr-s300se_firmwarentt-west:rt-400kintt-west:rt-400ki_firmwarentt-west:rt-400mintt-west:rt-400mi_firmwarentt-west:rt-400nentt-west:rt-400ne_firmwarentt-west:rt-500kintt-west:rt-500ki_firmwarentt-west:rt-500mintt-west:rt-500mi_firmwarentt-west:rt-s300hintt-west:rt-s300hi_firmwarentt-west:rt-s300nentt-west:rt-s300ne_firmwarentt-west:rt-s300sentt-west:rt-s300se_firmwarentt-west:rv-440kintt-west:rv-440ki_firmwarentt-west:rv-440mintt-west:rv-440mi_firmwarentt-west:rv-440nentt-west:rv-440ne_firmwarentt-west:rv-s340hintt-west:rv-s340hi_firmwarentt-west:rv-s340nentt-west:rv-s340ne_firmwarentt-west:rv-s340sentt-west:rv-s340se_firmware

Debilidades (CWE)

CWE-79

Referencias

http://jvn.jp/en/jp/JVN43172719/index.html(vultures@jpcert.or.jp)
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html(vultures@jpcert.or.jp)
http://jvn.jp/en/jp/JVN43172719/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.