MidnightBSD

Advisories for ntt-west

CVE-2016-1227 MEDIUM

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ntt-east rt-400mi_firmware *
ntt-east rv-440mi_firmware *
ntt-west rv-440mi_firmware *
ntt-west rt-400mi_firmware *
ntt-east pr-400mi_firmware *
ntt-west pr-400mi_firmware *
CVE-2016-1228 MEDIUM

Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
ntt-east rt-400mi_firmware *
ntt-east rv-440mi_firmware *
ntt-west rv-440mi_firmware *
ntt-west pr-400mi -
ntt-west rt-400mi_firmware *
ntt-west pr-400mi_firmware *
ntt-east pr-400mi_firmware 07.00.1006
CVE-2018-16177 MEDIUM

Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
ntt-west fall_creators_update -
CVE-2019-5985 MEDIUM

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ntt-east rt-400ki_firmware *
ntt-west rt-s300se_firmware *
ntt-west rv-440ne_firmware *
ntt-west rv-440ki_firmware *
ntt-east rs-500mi_firmware *
ntt-west rt-500ki_firmware *
ntt-east rv-s340se_firmware *
ntt-west pr-s300hi_firmware *
ntt-east pr-400mi_firmware *
ntt-west pr-400mi_firmware *
ntt-east rv-s340hi_firmware *
ntt-west rv-s340hi_firmware *
ntt-east rs-500ki_firmware *
ntt-west pr-s300ne_firmware *
ntt-east rv-440ki_firmware *
ntt-east rt-400mi_firmware *
ntt-east rv-440ne_firmware *
ntt-west rv-s340se_firmware *
ntt-east rt-s300se_firmware *
ntt-east pr-400ne_firmware *
ntt-west rt-s300hi_firmware *
ntt-west rt-s300ne_firmware *
ntt-west pr-400ne_firmware *
ntt-west rt-400mi_firmware *
ntt-east rt-500ki_firmware *
ntt-west rt-500mi_firmware *
ntt-east pr-s300ne_firmware *
ntt-west rv-440mi_firmware *
ntt-east rt-s300ne_firmware *
ntt-west pr-s300se_firmware *
ntt-east pr-400ki_firmware *
ntt-west rv-s340ne_firmware *
ntt-east pr-500ki_firmware *
ntt-east rt-s300hi_firmware *
ntt-east rv-s340ne_firmware *
ntt-east rt-400ne_firmware *
ntt-east pr-s300hi_firmware *
ntt-east rv-440mi_firmware *
ntt-west pr-400ki_firmware *
ntt-west pr-500ki_firmware *
ntt-west rt-400ki_firmware *
ntt-west pr-500mi_firmware *
ntt-east rt-500mi_firmware *
ntt-west rt-400ne_firmware *
ntt-east pr-500mi_firmware *
ntt-east pr-s300se_firmware *
CVE-2019-5986 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
ntt-east rt-400ki_firmware *
ntt-west rt-s300se_firmware *
ntt-west rv-440ne_firmware *
ntt-west rv-440ki_firmware *
ntt-east rs-500mi_firmware *
ntt-west rt-500ki_firmware *
ntt-east rv-s340se_firmware *
ntt-west pr-s300hi_firmware *
ntt-east pr-400mi_firmware *
ntt-west pr-400mi_firmware *
ntt-east rv-s340hi_firmware *
ntt-west rv-s340hi_firmware *
ntt-east rs-500ki_firmware *
ntt-west pr-s300ne_firmware *
ntt-east rv-440ki_firmware *
ntt-east rt-400mi_firmware *
ntt-east rv-440ne_firmware *
ntt-west rv-s340se_firmware *
ntt-east rt-s300se_firmware *
ntt-east pr-400ne_firmware *
ntt-west rt-s300hi_firmware *
ntt-west rt-s300ne_firmware *
ntt-west pr-400ne_firmware *
ntt-west rt-400mi_firmware *
ntt-east rt-500ki_firmware *
ntt-west rt-500mi_firmware *
ntt-east pr-s300ne_firmware *
ntt-west rv-440mi_firmware *
ntt-east rt-s300ne_firmware *
ntt-west pr-s300se_firmware *
ntt-east pr-400ki_firmware *
ntt-west rv-s340ne_firmware *
ntt-east pr-500ki_firmware *
ntt-east rt-s300hi_firmware *
ntt-east rv-s340ne_firmware *
ntt-east rt-400ne_firmware *
ntt-east pr-s300hi_firmware *
ntt-east rv-440mi_firmware *
ntt-west pr-400ki_firmware *
ntt-west pr-500ki_firmware *
ntt-west rt-400ki_firmware *
ntt-west pr-500mi_firmware *
ntt-east rt-500mi_firmware *
ntt-west rt-400ne_firmware *
ntt-east pr-500mi_firmware *
ntt-east pr-s300se_firmware *
CVE-2021-20843 LOW

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-829,

Products Affected

Vendor Product Version
ntt-west biz_box_nvr700w_firmware *
yamaha rtx1210_firmware *
yamaha nvr700w_firmware *
yamaha rtx830_firmware *
ntt-west biz_box_nvr510_firmware *
ntt-west biz_box_rtx1210_firmware *
yamaha nvr510_firmware *
ntt-west biz_box_rtx830_firmware *
CVE-2021-20844 LOW

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-116,

Products Affected

Vendor Product Version
ntt-west biz_box_nvr700w_firmware *
yamaha rtx1210_firmware *
yamaha nvr700w_firmware *
yamaha rtx830_firmware *
ntt-west biz_box_nvr510_firmware *
ntt-west biz_box_rtx1210_firmware *
yamaha nvr510_firmware *
ntt-west biz_box_rtx830_firmware *