CVE-2019-5986

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN43172719/index.html	Third Party Advisory VDB Entry
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html	Vendor Advisory
http://jvn.jp/en/jp/JVN43172719/index.html	Third Party Advisory VDB Entry
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ntt-east:pr-s300ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-s300ne:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ntt-east:rt-s300ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-s300ne:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ntt-east:rv-s340ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-s340ne:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ntt-east:pr-s300hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-s300hi:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ntt-east:rt-s300hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-s300hi:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ntt-east:rv-s340hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-s340hi:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ntt-east:pr-s300se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-s300se:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ntt-east:rt-s300se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-s300se:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ntt-east:rv-s340se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-s340se:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ntt-east:pr-400ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-400ne:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ntt-east:rt-400ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-400ne:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ntt-east:rv-440ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-440ne:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ntt-east:pr-400ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-400ki:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ntt-east:rt-400ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-400ki:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ntt-east:rv-440ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-440ki:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:ntt-east:pr-400mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-400mi:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:ntt-east:rt-400mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-400mi:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:ntt-east:rv-440mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rv-440mi:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:ntt-east:pr-500ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-500ki:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:ntt-east:rt-500ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-500ki:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:ntt-east:rs-500ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rs-500ki:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:ntt-east:pr-500mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:pr-500mi:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:ntt-east:rt-500mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rt-500mi:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:ntt-east:rs-500mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-east:rs-500mi:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:ntt-west:pr-s300ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-s300ne:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:ntt-west:rt-s300ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-s300ne:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:ntt-west:rv-s340ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-s340ne:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:ntt-west:pr-s300hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-s300hi:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:ntt-west:rt-s300hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-s300hi:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:ntt-west:rv-s340hi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-s340hi:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:ntt-west:pr-s300se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-s300se:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:ntt-west:rt-s300se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-s300se:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:ntt-west:rv-s340se_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-s340se:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:ntt-west:pr-400ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-400ne:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:ntt-west:rt-400ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-400ne:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:ntt-west:rv-440ne_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-440ne:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:ntt-west:pr-400ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-400ki:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:ntt-west:rt-400ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-400ki:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:ntt-west:rv-440ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-440ki:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:ntt-west:pr-400mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-400mi:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:ntt-west:rt-400mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-400mi:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:ntt-west:rv-440mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rv-440mi:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:ntt-west:pr-500ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-500ki:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:ntt-west:rt-500ki_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-500ki:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:ntt-west:pr-500mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:pr-500mi:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:ntt-west:rt-500mi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ntt-west:rt-500mi:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:45

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN43172719/index.html - Third Party Advisory, VDB Entry~~	() http://jvn.jp/en/jp/JVN43172719/index.html - Third Party Advisory, VDB Entry
References	~~() https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html - Vendor Advisory~~	() https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html - Vendor Advisory

Information

Published : 2019-09-12 17:15

Updated : 2024-11-21 04:45

NVD link : CVE-2019-5986

Mitre link : CVE-2019-5986

CVE.ORG link : CVE-2019-5986

JSON object : View

Products Affected

ntt-east

pr-s300se_firmware
pr-500ki
rt-s300hi
rt-s300se_firmware
rt-500ki
pr-400ne
rt-s300hi_firmware
rt-500mi
rt-400ki_firmware
rs-500ki_firmware
pr-500mi_firmware
pr-400mi
rt-s300ne
rt-400mi_firmware
rv-s340hi_firmware
rv-s340ne
rt-400ne
rv-440ne
rt-s300se
pr-400ki_firmware
rv-440mi_firmware
rs-500mi_firmware
rv-s340ne_firmware
rv-440ki
rv-440ne_firmware
pr-s300hi
pr-s300ne
pr-400ki
pr-s300se
rv-s340hi
rv-440mi
rv-440ki_firmware
rs-500mi
rv-s340se_firmware
rs-500ki
rt-400ki
rv-s340se
pr-500ki_firmware
rt-500mi_firmware
rt-500ki_firmware
pr-400ne_firmware
rt-s300ne_firmware
rt-400mi
rt-400ne_firmware
pr-s300hi_firmware
pr-s300ne_firmware
pr-400mi_firmware
pr-500mi

ntt-west

pr-s300ne_firmware
rt-s300ne
pr-400mi_firmware
pr-500mi
rt-400mi_firmware
rv-s340hi_firmware
rt-s300hi
rt-s300se_firmware
rt-400ne
rt-500ki
pr-400ne
rt-400ki_firmware
rv-s340ne_firmware
rv-440ki
rv-440ne_firmware
pr-400mi
pr-s300hi
pr-s300ne
rv-s340hi
rv-s340ne
rv-440ne
rt-s300se
rv-440ki_firmware
pr-400ki_firmware
rv-440mi_firmware
rv-s340se_firmware
rv-s340se
pr-400ki
pr-s300se
pr-500ki_firmware
rt-500mi_firmware
pr-400ne_firmware
rv-440mi
rt-400ne_firmware
pr-s300hi_firmware
rt-400ki
pr-s300se_firmware
pr-500ki
rt-500ki_firmware
rt-s300ne_firmware
rt-s300hi_firmware
rt-400mi
rt-500mi
pr-500mi_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.8 /10