CVE-2019-5985

Published: Sep 12, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (46)

Products: Ntt East: Pr S300ne Firmware, Rt S300ne Firmware, Rv S340ne Firmware, Pr S300hi Firmware, Rt S300hi Firmware, Rv S340hi Firmware, Pr S300se Firmware, Rt S300se Firmware, Rv S340se Firmware, Pr 400ne Firmware, Rt 400ne Firmware, Rv 440ne Firmware, Pr 400ki Firmware, Rt 400ki Firmware, Rv 440ki Firmware, Pr 400mi Firmware, Rt 400mi Firmware, Rv 440mi Firmware, Pr 500ki Firmware, Rt 500ki Firmware, Rs 500ki Firmware, Pr 500mi Firmware, Rt 500mi Firmware, Rs 500mi Firmware · Ntt West: Pr S300ne Firmware, Rt S300ne Firmware, Rv S340ne Firmware, Pr S300hi Firmware, Rt S300hi Firmware, Rv S340hi Firmware, Pr S300se Firmware, Rt S300se Firmware, Rv S340se Firmware, Pr 400ne Firmware, Rt 400ne Firmware, Rv 440ne Firmware, Pr 400ki Firmware, Rt 400ki Firmware, Rv 440ki Firmware, Pr 400mi Firmware, Rt 400mi Firmware, Rv 440mi Firmware, Pr 500ki Firmware, Rt 500ki Firmware, Pr 500mi Firmware, Rt 500mi Firmware

24 products

22 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr S300ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt East Pr S300ne	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt S300ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt East Rt S300ne	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv S340ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt East Rv S340ne	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr S300hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt East Pr S300hi	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt S300hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt East Rt S300hi	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv S340hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt East Rv S340hi	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr S300se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt East Pr S300se	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt S300se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt East Rt S300se	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv S340se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt East Rv S340se	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr 400ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt East Pr 400ne	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt 400ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt East Rt 400ne	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv 440ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt East Rv 440ne	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr 400ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt East Pr 400ki	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt 400ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt East Rt 400ki	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv 440ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt East Rv 440ki	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr 400mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt East Pr 400mi	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt 400mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt East Rt 400mi	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rv 440mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt East Rv 440mi	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr 500ki Firmware	Up to 01.00.0090

Running on/with	Platform Versions
Ntt East Pr 500ki	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt 500ki Firmware	Up to 01.00.0090

Running on/with	Platform Versions
Ntt East Rt 500ki	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rs 500ki Firmware	Up to 01.00.0070

Running on/with	Platform Versions
Ntt East Rs 500ki	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Pr 500mi Firmware	Up to 01.01.0014

Running on/with	Platform Versions
Ntt East Pr 500mi	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rt 500mi Firmware	Up to 01.01.0014

Running on/with	Platform Versions
Ntt East Rt 500mi	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt East Rs 500mi Firmware	Up to 03.01.0019

Running on/with	Platform Versions
Ntt East Rs 500mi	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr S300ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt West Pr S300ne	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt S300ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt West Rt S300ne	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv S340ne Firmware	Up to 19.41

Running on/with	Platform Versions
Ntt West Rv S340ne	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr S300hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt West Pr S300hi	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt S300hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt West Rt S300hi	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv S340hi Firmware	Up to 19.01.0005

Running on/with	Platform Versions
Ntt West Rv S340hi	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr S300se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt West Pr S300se	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt S300se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt West Rt S300se	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv S340se Firmware	Up to 19.40

Running on/with	Platform Versions
Ntt West Rv S340se	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr 400ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt West Pr 400ne	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt 400ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt West Rt 400ne	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv 440ne Firmware	Up to 7.42

Running on/with	Platform Versions
Ntt West Rv 440ne	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr 400ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt West Pr 400ki	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt 400ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt West Rt 400ki	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv 440ki Firmware	Up to 07.00.1010

Running on/with	Platform Versions
Ntt West Rv 440ki	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr 400mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt West Pr 400mi	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt 400mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt West Rt 400mi	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rv 440mi Firmware	Up to 07.00.1012

Running on/with	Platform Versions
Ntt West Rv 440mi	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr 500ki Firmware	Up to 01.00.0090

Running on/with	Platform Versions
Ntt West Pr 500ki	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt 500ki Firmware	Up to 01.00.0090

Running on/with	Platform Versions
Ntt West Rt 500ki	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Pr 500mi Firmware	Up to 01.01.0011

Running on/with	Platform Versions
Ntt West Pr 500mi	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Rt 500mi Firmware	Up to 01.01.0011

Running on/with	Platform Versions
Ntt West Rt 500mi	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://jvn.jp/en/jp/JVN43172719/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvn.jp/en/jp/JVN43172719/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.