Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5986

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 92 products from ntt-east, from ntt-east, from ntt-east and 89 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-09-12T17:15:14.000

Last Modified

2024-11-21T04:45:51.520

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System ntt-east pr-s300ne_firmware ≤ 19.41 Yes
Hardware ntt-east pr-s300ne - No
Operating System ntt-east rt-s300ne_firmware ≤ 19.41 Yes
Hardware ntt-east rt-s300ne - No
Operating System ntt-east rv-s340ne_firmware ≤ 19.41 Yes
Hardware ntt-east rv-s340ne - No
Operating System ntt-east pr-s300hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-east pr-s300hi - No
Operating System ntt-east rt-s300hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-east rt-s300hi - No
Operating System ntt-east rv-s340hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-east rv-s340hi - No
Operating System ntt-east pr-s300se_firmware ≤ 19.40 Yes
Hardware ntt-east pr-s300se - No
Operating System ntt-east rt-s300se_firmware ≤ 19.40 Yes
Hardware ntt-east rt-s300se - No
Operating System ntt-east rv-s340se_firmware ≤ 19.40 Yes
Hardware ntt-east rv-s340se - No
Operating System ntt-east pr-400ne_firmware ≤ 7.42 Yes
Hardware ntt-east pr-400ne - No
Operating System ntt-east rt-400ne_firmware ≤ 7.42 Yes
Hardware ntt-east rt-400ne - No
Operating System ntt-east rv-440ne_firmware ≤ 7.42 Yes
Hardware ntt-east rv-440ne - No
Operating System ntt-east pr-400ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-east pr-400ki - No
Operating System ntt-east rt-400ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-east rt-400ki - No
Operating System ntt-east rv-440ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-east rv-440ki - No
Operating System ntt-east pr-400mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-east pr-400mi - No
Operating System ntt-east rt-400mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-east rt-400mi - No
Operating System ntt-east rv-440mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-east rv-440mi - No
Operating System ntt-east pr-500ki_firmware ≤ 01.00.0090 Yes
Hardware ntt-east pr-500ki - No
Operating System ntt-east rt-500ki_firmware ≤ 01.00.0090 Yes
Hardware ntt-east rt-500ki - No
Operating System ntt-east rs-500ki_firmware ≤ 01.00.0070 Yes
Hardware ntt-east rs-500ki - No
Operating System ntt-east pr-500mi_firmware ≤ 01.01.0014 Yes
Hardware ntt-east pr-500mi - No
Operating System ntt-east rt-500mi_firmware ≤ 01.01.0014 Yes
Hardware ntt-east rt-500mi - No
Operating System ntt-east rs-500mi_firmware ≤ 03.01.0019 Yes
Hardware ntt-east rs-500mi - No
Operating System ntt-west pr-s300ne_firmware ≤ 19.41 Yes
Hardware ntt-west pr-s300ne - No
Operating System ntt-west rt-s300ne_firmware ≤ 19.41 Yes
Hardware ntt-west rt-s300ne - No
Operating System ntt-west rv-s340ne_firmware ≤ 19.41 Yes
Hardware ntt-west rv-s340ne - No
Operating System ntt-west pr-s300hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-west pr-s300hi - No
Operating System ntt-west rt-s300hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-west rt-s300hi - No
Operating System ntt-west rv-s340hi_firmware ≤ 19.01.0005 Yes
Hardware ntt-west rv-s340hi - No
Operating System ntt-west pr-s300se_firmware ≤ 19.40 Yes
Hardware ntt-west pr-s300se - No
Operating System ntt-west rt-s300se_firmware ≤ 19.40 Yes
Hardware ntt-west rt-s300se - No
Operating System ntt-west rv-s340se_firmware ≤ 19.40 Yes
Hardware ntt-west rv-s340se - No
Operating System ntt-west pr-400ne_firmware ≤ 7.42 Yes
Hardware ntt-west pr-400ne - No
Operating System ntt-west rt-400ne_firmware ≤ 7.42 Yes
Hardware ntt-west rt-400ne - No
Operating System ntt-west rv-440ne_firmware ≤ 7.42 Yes
Hardware ntt-west rv-440ne - No
Operating System ntt-west pr-400ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-west pr-400ki - No
Operating System ntt-west rt-400ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-west rt-400ki - No
Operating System ntt-west rv-440ki_firmware ≤ 07.00.1010 Yes
Hardware ntt-west rv-440ki - No
Operating System ntt-west pr-400mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-west pr-400mi - No
Operating System ntt-west rt-400mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-west rt-400mi - No
Operating System ntt-west rv-440mi_firmware ≤ 07.00.1012 Yes
Hardware ntt-west rv-440mi - No
Operating System ntt-west pr-500ki_firmware ≤ 01.00.0090 Yes
Hardware ntt-west pr-500ki - No
Operating System ntt-west rt-500ki_firmware ≤ 01.00.0090 Yes
Hardware ntt-west rt-500ki - No
Operating System ntt-west pr-500mi_firmware ≤ 01.01.0011 Yes
Hardware ntt-west pr-500mi - No
Operating System ntt-west rt-500mi_firmware ≤ 01.01.0011 Yes
Hardware ntt-west rt-500mi - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For ntt-east's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.