Vulnerability CVE-2008-0524

Vulnerability CVE-2008-0524

Published: 2008-01-31 Modified: 2012-02-12

Description:

Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Yamaha -> Rtx1100
Yamaha -> Rt107e
Yamaha -> Rtx1500
Yamaha -> Rt52pro
Yamaha -> Srt100
Yamaha -> Rt56v
Yamaha -> Rt57i
Yamaha -> Rt58i
Yamaha -> Rt60w
Yamaha -> Rt80i
Yamaha -> Rta50i
Yamaha -> Rta52i
Yamaha -> Rta54i
Yamaha -> Rta55i
Yamaha -> Rtv700
Yamaha -> Rtw65b
Yamaha -> Rtw65i
Yamaha -> Rtx1000

References:

http://jvn.jp/jp/JVN%2388575577/index.html

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html

http://www.securityfocus.com/bid/27491

https://exchange.xforce.ibmcloud.com/vulnerabilities/40015

Copyright 2024, cxsecurity.com