Vulnerability CVE-2018-0666


Published: 2019-01-09   Modified: 2019-01-10

Description:
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.

Type:

CWE-74

CVSS2 => (AV:A/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.2/10
6.4/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Yamaha -> Nvr500 firmware 
Yamaha -> Rt57i firmware 
Yamaha -> Rt58i firmware 
Yamaha -> Rtx810 firmware 

 References:
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html
https://flets-w.com/solution/kiki_info/info/180829.html
https://jvn.jp/en/jp/JVN69967692/index.html
https://web116.jp/ced/support/news/contents/2018/20180829b.html

Copyright 2024, cxsecurity.com

 

Back to Top