8.8

CVE-2019-5986

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ntt-eastPr-s300ne Firmware Version <= 19.41
   Ntt-eastPr-s300ne Version-
Ntt-eastRt-s300ne Firmware Version <= 19.41
   Ntt-eastRt-s300ne Version-
Ntt-eastRv-s340ne Firmware Version <= 19.41
   Ntt-eastRv-s340ne Version-
Ntt-eastPr-s300hi Firmware Version <= 19.01.0005
   Ntt-eastPr-s300hi Version-
Ntt-eastRt-s300hi Firmware Version <= 19.01.0005
   Ntt-eastRt-s300hi Version-
Ntt-eastRv-s340hi Firmware Version <= 19.01.0005
   Ntt-eastRv-s340hi Version-
Ntt-eastPr-s300se Firmware Version <= 19.40
   Ntt-eastPr-s300se Version-
Ntt-eastRt-s300se Firmware Version <= 19.40
   Ntt-eastRt-s300se Version-
Ntt-eastRv-s340se Firmware Version <= 19.40
   Ntt-eastRv-s340se Version-
Ntt-eastPr-400ne Firmware Version <= 7.42
   Ntt-eastPr-400ne Version-
Ntt-eastRt-400ne Firmware Version <= 7.42
   Ntt-eastRt-400ne Version-
Ntt-eastRv-440ne Firmware Version <= 7.42
   Ntt-eastRv-440ne Version-
Ntt-eastPr-400ki Firmware Version <= 07.00.1010
   Ntt-eastPr-400ki Version-
Ntt-eastRt-400ki Firmware Version <= 07.00.1010
   Ntt-eastRt-400ki Version-
Ntt-eastRv-440ki Firmware Version <= 07.00.1010
   Ntt-eastRv-440ki Version-
Ntt-eastPr-400mi Firmware Version <= 07.00.1012
   Ntt-eastPr-400mi Version-
Ntt-eastRt-400mi Firmware Version <= 07.00.1012
   Ntt-eastRt-400mi Version-
Ntt-eastRv-440mi Firmware Version <= 07.00.1012
   Ntt-eastRv-440mi Version-
Ntt-eastPr-500ki Firmware Version <= 01.00.0090
   Ntt-eastPr-500ki Version-
Ntt-eastRt-500ki Firmware Version <= 01.00.0090
   Ntt-eastRt-500ki Version-
Ntt-eastRs-500ki Firmware Version <= 01.00.0070
   Ntt-eastRs-500ki Version-
Ntt-eastPr-500mi Firmware Version <= 01.01.0014
   Ntt-eastPr-500mi Version-
Ntt-eastRt-500mi Firmware Version <= 01.01.0014
   Ntt-eastRt-500mi Version-
Ntt-eastRs-500mi Firmware Version <= 03.01.0019
   Ntt-eastRs-500mi Version-
Ntt-westPr-s300ne Firmware Version <= 19.41
   Ntt-westPr-s300ne Version-
Ntt-westRt-s300ne Firmware Version <= 19.41
   Ntt-westRt-s300ne Version-
Ntt-westRv-s340ne Firmware Version <= 19.41
   Ntt-westRv-s340ne Version-
Ntt-westPr-s300hi Firmware Version <= 19.01.0005
   Ntt-westPr-s300hi Version-
Ntt-westRt-s300hi Firmware Version <= 19.01.0005
   Ntt-westRt-s300hi Version-
Ntt-westRv-s340hi Firmware Version <= 19.01.0005
   Ntt-westRv-s340hi Version-
Ntt-westPr-s300se Firmware Version <= 19.40
   Ntt-westPr-s300se Version-
Ntt-westRt-s300se Firmware Version <= 19.40
   Ntt-westRt-s300se Version-
Ntt-westRv-s340se Firmware Version <= 19.40
   Ntt-westRv-s340se Version-
Ntt-westPr-400ne Firmware Version <= 7.42
   Ntt-westPr-400ne Version-
Ntt-westRt-400ne Firmware Version <= 7.42
   Ntt-westRt-400ne Version-
Ntt-westRv-440ne Firmware Version <= 7.42
   Ntt-westRv-440ne Version-
Ntt-westPr-400ki Firmware Version <= 07.00.1010
   Ntt-westPr-400ki Version-
Ntt-westRt-400ki Firmware Version <= 07.00.1010
   Ntt-westRt-400ki Version-
Ntt-westRv-440ki Firmware Version <= 07.00.1010
   Ntt-westRv-440ki Version-
Ntt-westPr-400mi Firmware Version <= 07.00.1012
   Ntt-westPr-400mi Version-
Ntt-westRt-400mi Firmware Version <= 07.00.1012
   Ntt-westRt-400mi Version-
Ntt-westRv-440mi Firmware Version <= 07.00.1012
   Ntt-westRv-440mi Version-
Ntt-westPr-500ki Firmware Version <= 01.00.0090
   Ntt-westPr-500ki Version-
Ntt-westRt-500ki Firmware Version <= 01.00.0090
   Ntt-westRt-500ki Version-
Ntt-westPr-500mi Firmware Version <= 01.01.0011
   Ntt-westPr-500mi Version-
Ntt-westRt-500mi Firmware Version <= 01.01.0011
   Ntt-westRt-500mi Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.317
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://jvn.jp/en/jp/JVN43172719/index.html
Third Party Advisory
VDB Entry