NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-west | pr-400mi_firmware | * |
| ntt-east | pr-400mi_firmware | * |
| ntt-west | rt-400mi_firmware | * |
| ntt-east | rv-440mi_firmware | * |
| ntt-west | rv-440mi_firmware | * |
| ntt-east | rt-400mi_firmware | * |
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-west | pr-400mi_firmware | * |
| ntt-west | pr-400mi | - |
| ntt-west | rt-400mi_firmware | * |
| ntt-east | rv-440mi_firmware | * |
| ntt-west | rv-440mi_firmware | * |
| ntt-east | pr-400mi_firmware | 07.00.1006 |
| ntt-east | rt-400mi_firmware | * |
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-east | pwr-q200_firmware | - |
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-east | flet's_virus_clear_easy_setup_&_application_tool | 11 |
| ntt-east | flet's_virus_clear_v6_easy_setup_&_application_tool | 11 |
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-east | flet's_virus_clear_easy_setup_&_application_tool | * |
| ntt-east | flet's_virus_clear_v6_easy_setup_&_application_tool | * |
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-west | rv-s340hi_firmware | * |
| ntt-east | pr-400ne_firmware | * |
| ntt-west | pr-400ne_firmware | * |
| ntt-west | rv-s340se_firmware | * |
| ntt-east | pr-s300ne_firmware | * |
| ntt-west | rv-440mi_firmware | * |
| ntt-west | pr-400ki_firmware | * |
| ntt-west | pr-500mi_firmware | * |
| ntt-east | rv-s340hi_firmware | * |
| ntt-west | rt-s300hi_firmware | * |
| ntt-east | pr-s300se_firmware | * |
| ntt-east | rt-s300se_firmware | * |
| ntt-east | pr-500mi_firmware | * |
| ntt-east | rt-400mi_firmware | * |
| ntt-east | rt-500mi_firmware | * |
| ntt-west | rt-s300ne_firmware | * |
| ntt-east | rt-s300ne_firmware | * |
| ntt-west | rt-500ki_firmware | * |
| ntt-east | rt-s300hi_firmware | * |
| ntt-east | pr-400ki_firmware | * |
| ntt-west | rv-s340ne_firmware | * |
| ntt-west | rt-400ki_firmware | * |
| ntt-east | pr-400mi_firmware | * |
| ntt-east | rt-400ki_firmware | * |
| ntt-west | rv-440ki_firmware | * |
| ntt-west | rt-s300se_firmware | * |
| ntt-east | pr-500ki_firmware | * |
| ntt-west | rt-400mi_firmware | * |
| ntt-east | rt-400ne_firmware | * |
| ntt-east | rs-500ki_firmware | * |
| ntt-east | rs-500mi_firmware | * |
| ntt-east | rv-s340se_firmware | * |
| ntt-west | rv-440ne_firmware | * |
| ntt-west | rt-500mi_firmware | * |
| ntt-west | rt-400ne_firmware | * |
| ntt-west | pr-400mi_firmware | * |
| ntt-east | rt-500ki_firmware | * |
| ntt-west | pr-s300hi_firmware | * |
| ntt-east | rv-440mi_firmware | * |
| ntt-west | pr-500ki_firmware | * |
| ntt-east | rv-s340ne_firmware | * |
| ntt-east | rv-440ne_firmware | * |
| ntt-east | pr-s300hi_firmware | * |
| ntt-east | rv-440ki_firmware | * |
| ntt-west | pr-s300ne_firmware | * |
| ntt-west | pr-s300se_firmware | * |
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-west | rv-s340hi_firmware | * |
| ntt-east | pr-400ne_firmware | * |
| ntt-west | pr-400ne_firmware | * |
| ntt-west | rv-s340se_firmware | * |
| ntt-east | pr-s300ne_firmware | * |
| ntt-west | rv-440mi_firmware | * |
| ntt-west | pr-400ki_firmware | * |
| ntt-west | pr-500mi_firmware | * |
| ntt-east | rv-s340hi_firmware | * |
| ntt-west | rt-s300hi_firmware | * |
| ntt-east | pr-s300se_firmware | * |
| ntt-east | rt-s300se_firmware | * |
| ntt-east | pr-500mi_firmware | * |
| ntt-east | rt-400mi_firmware | * |
| ntt-east | rt-500mi_firmware | * |
| ntt-west | rt-s300ne_firmware | * |
| ntt-east | rt-s300ne_firmware | * |
| ntt-west | rt-500ki_firmware | * |
| ntt-east | rt-s300hi_firmware | * |
| ntt-east | pr-400ki_firmware | * |
| ntt-west | rv-s340ne_firmware | * |
| ntt-west | rt-400ki_firmware | * |
| ntt-east | pr-400mi_firmware | * |
| ntt-east | rt-400ki_firmware | * |
| ntt-west | rv-440ki_firmware | * |
| ntt-west | rt-s300se_firmware | * |
| ntt-east | pr-500ki_firmware | * |
| ntt-west | rt-400mi_firmware | * |
| ntt-east | rt-400ne_firmware | * |
| ntt-east | rs-500ki_firmware | * |
| ntt-east | rs-500mi_firmware | * |
| ntt-east | rv-s340se_firmware | * |
| ntt-west | rv-440ne_firmware | * |
| ntt-west | rt-500mi_firmware | * |
| ntt-west | rt-400ne_firmware | * |
| ntt-west | pr-400mi_firmware | * |
| ntt-east | rt-500ki_firmware | * |
| ntt-west | pr-s300hi_firmware | * |
| ntt-east | rv-440mi_firmware | * |
| ntt-west | pr-500ki_firmware | * |
| ntt-east | rv-s340ne_firmware | * |
| ntt-east | rv-440ne_firmware | * |
| ntt-east | pr-s300hi_firmware | * |
| ntt-east | rv-440ki_firmware | * |
| ntt-west | pr-s300ne_firmware | * |
| ntt-west | pr-s300se_firmware | * |
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt-east | og410xi_firmware | * |
| ntt-east | og410xa_firmware | * |
| ntt-east | og810xa_firmware | * |
| ntt-east | og810xi_firmware | * |