ID
VAR-E-201510-0188
TITLE
Multiple Routers Clickjacking Vulnerability
Trust: 0.3
DESCRIPTION
Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests.
Successful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | yamaha | model: | srt100 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx810 | scope: | eq | version: | 11.1.21 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1500 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1210 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1200 | scope: | eq | version: | 10.1.59 | Trust: 0.3 |
| vendor: | yamaha | model: | rtv01 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rt58i | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rt107e | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | nvr500 | scope: | eq | version: | 11.0.25 | Trust: 0.3 |
| vendor: | yamaha | model: | fwx120 | scope: | eq | version: | 11.3.8 | Trust: 0.3 |
| vendor: | nec | model: | infocage | scope: | eq | version: | 3.1 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx810 | scope: | ne | version: | 11.1.25 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1200 | scope: | ne | version: | 10.1.65 | Trust: 0.3 |
| vendor: | yamaha | model: | nvr500 | scope: | ne | version: | 11.0.28 | Trust: 0.3 |
| vendor: | yamaha | model: | fwx120 | scope: | ne | version: | 11.3.13 | Trust: 0.3 |
| vendor: | nec | model: | infocage | scope: | ne | version: | 5.1 | Trust: 0.3 |
EXPLOIT
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted webpage.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Noriaki Iwasaki of Cyber Defense Institute
Trust: 0.3
EXTERNAL IDS
| db: | JVN | id: | JVN48135658 | Trust: 0.3 |
| db: | BID | id: | 77386 | Trust: 0.3 |
REFERENCES
| url: | http://jvn.jp/en/jp/jvn48135658/index.html | Trust: 0.3 |
| url: | http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn48135658.html | Trust: 0.3 |
| url: | http://jpn.nec.com/security-info/secinfo/nv15-019.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 77386 |
LAST UPDATE DATE
2022-07-27T09:29:57.661000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 77386 | date: | 2015-10-30T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 77386 | date: | 2015-10-30T00:00:00 |