Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0666

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.

Published

2019-01-09T23:29:01.467

Last Modified

2024-11-21T03:38:42.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System yamaha rt57i_firmware ≤ rev.8.00.95 Yes
Hardware yamaha rt57i - No
Operating System yamaha rt58i_firmware ≤ rev.9.01.51 Yes
Hardware yamaha rt58i - No
Operating System yamaha nvr500_firmware ≤ rev.11.00.36 Yes
Hardware yamaha nvr500 - No
Operating System yamaha rtx810_firmware ≤ rev.11.01.31 Yes
Hardware yamaha rtx810 - No
References