6.8

CVE-2018-0666

EPSS 0.19%
Published 09.01.2019 23:29:01
Last modified 21.11.2024 03:38:42
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Yamaha ≫ Rt57i Firmware Version <= rev.8.00.95

Yamaha ≫ Rt57i Version-

Yamaha ≫ Rt58i Firmware Version <= rev.9.01.51

Yamaha ≫ Rt58i Version-

Yamaha ≫ Nvr500 Firmware Version <= rev.11.00.36

Yamaha ≫ Nvr500 Version-

Yamaha ≫ Rtx810 Firmware Version <= rev.11.01.31

Yamaha ≫ Rtx810 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.41

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.2	5.1	6.4	AV:A/AC:L/Au:S/C:P/I:P/A:P

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html

Third Party Advisory

https://flets-w.com/solution/kiki_info/info/180829.html

Third Party Advisory

https://jvn.jp/en/jp/JVN69967692/index.html

Third Party Advisory

https://web116.jp/ced/support/news/contents/2018/20180829b.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0666

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0666

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0666

EUVD