TROYANOSYVIRUS
Voltar para CVEs

CVE-2019-5986

HIGH
8.8

Descricao

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado9/12/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

ntt-east:pr-400kintt-east:pr-400ki_firmwarentt-east:pr-400mintt-east:pr-400mi_firmwarentt-east:pr-400nentt-east:pr-400ne_firmwarentt-east:pr-500kintt-east:pr-500ki_firmwarentt-east:pr-500mintt-east:pr-500mi_firmwarentt-east:pr-s300hintt-east:pr-s300hi_firmwarentt-east:pr-s300nentt-east:pr-s300ne_firmwarentt-east:pr-s300sentt-east:pr-s300se_firmwarentt-east:rs-500kintt-east:rs-500ki_firmwarentt-east:rs-500mintt-east:rs-500mi_firmwarentt-east:rt-400kintt-east:rt-400ki_firmwarentt-east:rt-400mintt-east:rt-400mi_firmwarentt-east:rt-400nentt-east:rt-400ne_firmwarentt-east:rt-500kintt-east:rt-500ki_firmwarentt-east:rt-500mintt-east:rt-500mi_firmwarentt-east:rt-s300hintt-east:rt-s300hi_firmwarentt-east:rt-s300nentt-east:rt-s300ne_firmwarentt-east:rt-s300sentt-east:rt-s300se_firmwarentt-east:rv-440kintt-east:rv-440ki_firmwarentt-east:rv-440mintt-east:rv-440mi_firmwarentt-east:rv-440nentt-east:rv-440ne_firmwarentt-east:rv-s340hintt-east:rv-s340hi_firmwarentt-east:rv-s340nentt-east:rv-s340ne_firmwarentt-east:rv-s340sentt-east:rv-s340se_firmwarentt-west:pr-400kintt-west:pr-400ki_firmwarentt-west:pr-400mintt-west:pr-400mi_firmwarentt-west:pr-400nentt-west:pr-400ne_firmwarentt-west:pr-500kintt-west:pr-500ki_firmwarentt-west:pr-500mintt-west:pr-500mi_firmwarentt-west:pr-s300hintt-west:pr-s300hi_firmwarentt-west:pr-s300nentt-west:pr-s300ne_firmwarentt-west:pr-s300sentt-west:pr-s300se_firmwarentt-west:rt-400kintt-west:rt-400ki_firmwarentt-west:rt-400mintt-west:rt-400mi_firmwarentt-west:rt-400nentt-west:rt-400ne_firmwarentt-west:rt-500kintt-west:rt-500ki_firmwarentt-west:rt-500mintt-west:rt-500mi_firmwarentt-west:rt-s300hintt-west:rt-s300hi_firmwarentt-west:rt-s300nentt-west:rt-s300ne_firmwarentt-west:rt-s300sentt-west:rt-s300se_firmwarentt-west:rv-440kintt-west:rv-440ki_firmwarentt-west:rv-440mintt-west:rv-440mi_firmwarentt-west:rv-440nentt-west:rv-440ne_firmwarentt-west:rv-s340hintt-west:rv-s340hi_firmwarentt-west:rv-s340nentt-west:rv-s340ne_firmwarentt-west:rv-s340sentt-west:rv-s340se_firmware

Fraquezas (CWE)

CWE-352

Referencias

http://jvn.jp/en/jp/JVN43172719/index.html(vultures@jpcert.or.jp)
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html(vultures@jpcert.or.jp)
http://jvn.jp/en/jp/JVN43172719/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.