PT-2011-3054 · Nec+1 · Nec Ip38X+1
Yuji Ukai
·
Published
2011-05-09
·
Updated
2011-05-27
·
CVE-2011-1323
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers versions 6.x through 10.x
NEC IP38X series routers versions 6.x through 10.x
Description
The issue is related to the improper handling of IP header options, which can be exploited by remote attackers to cause a denial of service. This is achieved by sending a crafted option that triggers access to an invalid memory location, resulting in a device reboot.
Recommendations
For Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers versions 6.x through 10.x, update the firmware to a version that properly handles IP header options.
For NEC IP38X series routers versions 6.x through 10.x, update the firmware to a version that properly handles IP header options.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nec Ip38X
Yamaha Rt