Vulnerability Details : CVE-2019-5986
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2019-5986
- cpe:2.3:o:ntt-east:pr-s300ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-s300ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-s340ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-s300hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-s300hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-s340hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-s300se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-s300se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-s340se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-400ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-400ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-440ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-400ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-400ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-440ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-400mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-400mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rv-440mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-500ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-500ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rs-500ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:pr-500mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rt-500mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-east:rs-500mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-s300ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-s300ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-s340ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-s300hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-s300hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-s340hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-s300se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-s300se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-s340se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-400ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-400ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-440ne_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-400ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-400ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-440ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-400mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-400mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rv-440mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-500ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-500ki_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:pr-500mi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:rt-500mi_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5986
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2019-5986
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5986
-
http://jvn.jp/en/jp/JVN43172719/index.html
JVN#43172719: Multiple vulnerabilities in Hikari Denwa router/Home GateWayThird Party Advisory;VDB Entry
-
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html
情報機器ナビゲーションVendor Advisory
Jump to