CVE-2019-5986 Information
Description
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier RS-500KI firmware version Ver.01.00.0070 and earlier PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier and RS-500MI firmware version Ver.03.01.0019 and earlier and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://jvn.jp/en/jp/JVN43172719/index.html https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: