Vulnerability CVE-2019-5986


Published: 2019-09-12

Description:
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Ntt-west -> Pr-s300se firmware 
Ntt-west -> Rt-400ki firmware 
Ntt-west -> Rt-400mi firmware 
Ntt-west -> Rt-400ne firmware 
Ntt-west -> Rt-500ki firmware 
Ntt-west -> Rt-500mi firmware 
Ntt-west -> Rt-s300hi firmware 
Ntt-west -> Rt-s300ne firmware 
Ntt-west -> Rt-s300se firmware 
Ntt-west -> Pr-400ki firmware 
Ntt-west -> Rv-440ki firmware 
Ntt-west -> Pr-400mi firmware 
Ntt-west -> Rv-440mi firmware 
Ntt-west -> Pr-400ne firmware 
Ntt-west -> Rv-440ne firmware 
Ntt-west -> Pr-500ki firmware 
Ntt-west -> Rv-s340hi firmware 
Ntt-west -> Pr-500mi firmware 
Ntt-west -> Rv-s340ne firmware 
Ntt-west -> Pr-s300hi firmware 
Ntt-west -> Rv-s340se firmware 
Ntt-west -> Pr-s300ne firmware 
Ntt-east -> Rt-s300hi firmware 
Ntt-east -> Rt-s300ne firmware 
Ntt-east -> Pr-400ki firmware 
Ntt-east -> Rt-s300se firmware 
Ntt-east -> Pr-400mi firmware 
Ntt-east -> Rv-440ki firmware 
Ntt-east -> Pr-400ne firmware 
Ntt-east -> Rv-440mi firmware 
Ntt-east -> Pr-500ki firmware 
Ntt-east -> Rv-440ne firmware 
Ntt-east -> Pr-500mi firmware 
Ntt-east -> Rv-s340hi firmware 
Ntt-east -> Pr-s300hi firmware 
Ntt-east -> Rv-s340ne firmware 
Ntt-east -> Pr-s300ne firmware 
Ntt-east -> Rv-s340se firmware 
Ntt-east -> Pr-s300se firmware 
Ntt-east -> Rs-500ki firmware 
Ntt-east -> Rs-500mi firmware 
Ntt-east -> Rt-400ki firmware 
Ntt-east -> Rt-400mi firmware 
Ntt-east -> Rt-400ne firmware 
Ntt-east -> Rt-500ki firmware 
Ntt-east -> Rt-500mi firmware 

 References:
http://jvn.jp/en/jp/JVN43172719/index.html
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html

Copyright 2024, cxsecurity.com

 
