Vulnerability Details : CVE-2018-0665
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, and RTX810 Rev.11.01.31 and earlier allow an administrative user to embed arbitrary scripts into the configuration data through a certain form field of the configuration page, which may be executed in another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.
Products affected by CVE-2018-0665
- cpe:2.3:o:yamaha:rt57i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:rt58i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:nvr500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:rtx810_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0665
- EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
- Percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-0665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2 | MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P | 5.1 | 6.4 | NIST | |
6.8 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | |
References for CVE-2018-0665
- https://jvn.jp/en/jp/JVN69967692/index.html
  JVN#69967692: Multiple script injection vulnerabilities in multiple Yamaha network devices (Third Party Advisory)
- https://web116.jp/ced/support/news/contents/2018/20180829b.html
  Notice | Support Information | Communication Equipment Top | Web116.jp | NTT East (Third Party Advisory)
- https://flets-w.com/solution/kiki_info/info/180829.html
  To customers using the Biz Box routers "N58i", "N500", "NVR500" and "RTX810" | NTT West | Office Hikari official (Third Party Advisory)
- http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html
  FAQ for YAMAHA RT Series / Security (Third Party Advisory)