CVE-2019-5985

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ntt-eastpr-s300ne_firmware
𝑥
≤ 19.41
ntt-eastrt-s300ne_firmware
𝑥
≤ 19.41
ntt-eastrv-s340ne_firmware
𝑥
≤ 19.41
ntt-eastpr-s300hi_firmware
𝑥
≤ 19.01.0005
ntt-eastrt-s300hi_firmware
𝑥
≤ 19.01.0005
ntt-eastrv-s340hi_firmware
𝑥
≤ 19.01.0005
ntt-eastpr-s300se_firmware
𝑥
≤ 19.40
ntt-eastrt-s300se_firmware
𝑥
≤ 19.40
ntt-eastrv-s340se_firmware
𝑥
≤ 19.40
ntt-eastpr-400ne_firmware
𝑥
≤ 7.42
ntt-eastrt-400ne_firmware
𝑥
≤ 7.42
ntt-eastrv-440ne_firmware
𝑥
≤ 7.42
ntt-eastpr-400ki_firmware
𝑥
≤ 07.00.1010
ntt-eastrt-400ki_firmware
𝑥
≤ 07.00.1010
ntt-eastrv-440ki_firmware
𝑥
≤ 07.00.1010
ntt-eastpr-400mi_firmware
𝑥
≤ 07.00.1012
ntt-eastrt-400mi_firmware
𝑥
≤ 07.00.1012
ntt-eastrv-440mi_firmware
𝑥
≤ 07.00.1012
ntt-eastpr-500ki_firmware
𝑥
≤ 01.00.0090
ntt-eastrt-500ki_firmware
𝑥
≤ 01.00.0090
ntt-eastrs-500ki_firmware
𝑥
≤ 01.00.0070
ntt-eastpr-500mi_firmware
𝑥
≤ 01.01.0014
ntt-eastrt-500mi_firmware
𝑥
≤ 01.01.0014
ntt-eastrs-500mi_firmware
𝑥
≤ 03.01.0019
ntt-westpr-s300ne_firmware
𝑥
≤ 19.41
ntt-westrt-s300ne_firmware
𝑥
≤ 19.41
ntt-westrv-s340ne_firmware
𝑥
≤ 19.41
ntt-westpr-s300hi_firmware
𝑥
≤ 19.01.0005
ntt-westrt-s300hi_firmware
𝑥
≤ 19.01.0005
ntt-westrv-s340hi_firmware
𝑥
≤ 19.01.0005
ntt-westpr-s300se_firmware
𝑥
≤ 19.40
ntt-westrt-s300se_firmware
𝑥
≤ 19.40
ntt-westrv-s340se_firmware
𝑥
≤ 19.40
ntt-westpr-400ne_firmware
𝑥
≤ 7.42
ntt-westrt-400ne_firmware
𝑥
≤ 7.42
ntt-westrv-440ne_firmware
𝑥
≤ 7.42
ntt-westpr-400ki_firmware
𝑥
≤ 07.00.1010
ntt-westrt-400ki_firmware
𝑥
≤ 07.00.1010
ntt-westrv-440ki_firmware
𝑥
≤ 07.00.1010
ntt-westpr-400mi_firmware
𝑥
≤ 07.00.1012
ntt-westrt-400mi_firmware
𝑥
≤ 07.00.1012
ntt-westrv-440mi_firmware
𝑥
≤ 07.00.1012
ntt-westpr-500ki_firmware
𝑥
≤ 01.00.0090
ntt-westrt-500ki_firmware
𝑥
≤ 01.00.0090
ntt-westpr-500mi_firmware
𝑥
≤ 01.01.0011
ntt-westrt-500mi_firmware
𝑥
≤ 01.01.0011
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN43172719/index.html
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html
http://jvn.jp/en/jp/JVN43172719/index.html
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html