Products
Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
Source
vultures@jpcert.or.jp
Tags
CVE-2024-47044 details
Last Modified : Sept. 26, 2024, 7:35 p.m.
Description
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://jvn.jp/en/jp/JVN78356367/ | vultures@jpcert.or.jp |
| https://web116.jp/ced/support/version/broadband/500mi/ | vultures@jpcert.or.jp |
| https://web116.jp/ced/support/version/broadband/600mi/ | vultures@jpcert.or.jp |
| https://web116.jp/ced/support/version/broadband/pr_400mi/ | vultures@jpcert.or.jp |
| https://web116.jp/ced/support/version/broadband/rt_400mi/ | vultures@jpcert.or.jp |
| https://web116.jp/ced/support/version/broadband/rv_440mi/ | vultures@jpcert.or.jp |