CVE-2018-0666 — MEDIUM (6.8)

Q: How severe is CVE-2018-0666?

CVE-2018-0666 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0666?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rt57I Firmware, Yamaha Rt57I, Yamaha Rt58I Firmware, Yamaha Rt58I, Yamaha Nvr500 Firmware.

Vulnerability Description

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Yamaha	Rt57I Firmware	<= rev.8.00.95
Yamaha	Rt57I	-
Yamaha	Rt58I Firmware	<= rev.9.01.51
Yamaha	Rt58I	-
Yamaha	Nvr500 Firmware	<= rev.11.00.36
Yamaha	Nvr500	-
Yamaha	Rtx810 Firmware	<= rev.11.01.31
Yamaha	Rtx810	-

References

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.htmlThird Party Advisory
https://flets-w.com/solution/kiki_info/info/180829.htmlThird Party Advisory
https://jvn.jp/en/jp/JVN69967692/index.htmlThird Party Advisory
https://web116.jp/ced/support/news/contents/2018/20180829b.htmlThird Party Advisory
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.htmlThird Party Advisory
https://flets-w.com/solution/kiki_info/info/180829.htmlThird Party Advisory
https://jvn.jp/en/jp/JVN69967692/index.htmlThird Party Advisory
https://web116.jp/ced/support/news/contents/2018/20180829b.htmlThird Party Advisory

FAQ

What is CVE-2018-0666?

CVE-2018-0666 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts t...

How severe is CVE-2018-0666?

CVE-2018-0666 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0666?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rt57I Firmware, Yamaha Rt57I, Yamaha Rt58I Firmware, Yamaha Rt58I, Yamaha Nvr500 Firmware.