PT-2019-8690 · Yamaha · Nvr500+3
Hayato Doi
·
Publicado
2019-01-09
·
Atualizado
2020-08-24
·
CVE-2018-0665
CVSS v3.1
6.8
Média
| Vetor | AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Yamaha routers RT57i versions 8.00.95 and earlier
Yamaha routers RT58i versions 9.01.51 and earlier
Yamaha routers NVR500 versions 11.00.36 and earlier
Yamaha routers RTX810 versions 11.01.31 and earlier
Description
The issue allows an administrative user to embed arbitrary scripts into the configuration data through a certain form field of the configuration page. This may result in the execution of these scripts on another administrative user's web browser.
Recommendations
For RT57i versions 8.00.95 and earlier, update to a version later than 8.00.95 to resolve the issue.
For RT58i versions 9.01.51 and earlier, update to a version later than 9.01.51 to resolve the issue.
For NVR500 versions 11.00.36 and earlier, update to a version later than 11.00.36 to resolve the issue.
For RTX810 versions 11.01.31 and earlier, update to a version later than 11.01.31 to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Nvr500
Rt57I
Rt58I
Rtx810