Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntt-East | Pr-S300Ne Firmware | <= 19.41 |
| Ntt-East | Pr-S300Ne | - |
| Ntt-East | Rt-S300Ne Firmware | <= 19.41 |
| Ntt-East | Rt-S300Ne | - |
| Ntt-East | Rv-S340Ne Firmware | <= 19.41 |
| Ntt-East | Rv-S340Ne | - |
| Ntt-East | Pr-S300Hi Firmware | <= 19.01.0005 |
| Ntt-East | Pr-S300Hi | - |
| Ntt-East | Rt-S300Hi Firmware | <= 19.01.0005 |
| Ntt-East | Rt-S300Hi | - |
| Ntt-East | Rv-S340Hi Firmware | <= 19.01.0005 |
| Ntt-East | Rv-S340Hi | - |
| Ntt-East | Pr-S300Se Firmware | <= 19.40 |
| Ntt-East | Pr-S300Se | - |
| Ntt-East | Rt-S300Se Firmware | <= 19.40 |
| Ntt-East | Rt-S300Se | - |
| Ntt-East | Rv-S340Se Firmware | <= 19.40 |
| Ntt-East | Rv-S340Se | - |
| Ntt-East | Pr-400Ne Firmware | <= 7.42 |
| Ntt-East | Pr-400Ne | - |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN43172719/index.htmlThird Party AdvisoryVDB Entry
- https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN43172719/index.htmlThird Party AdvisoryVDB Entry
- https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.htmlVendor Advisory
FAQ
What is CVE-2019-5986?
CVE-2019-5986 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV...
How severe is CVE-2019-5986?
CVE-2019-5986 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5986?
Check the references section above for vendor advisories and patch information. Affected products include: Ntt-East Pr-S300Ne Firmware, Ntt-East Pr-S300Ne, Ntt-East Rt-S300Ne Firmware, Ntt-East Rt-S300Ne, Ntt-East Rv-S340Ne Firmware.