IPA/ISEC : Vulnerabilities : Security Alert for Vulnerability in Multiple YAMAHA Routers

HOME >> IT Security >> Vulnerabilities >> Security Alert for Vulnerability in Multiple YAMAHA Routers

Security Alert for Vulnerability in Multiple YAMAHA Routers

January 28, 2008
>> JAPANESE

Information-technology Promotion Agency, Japan (IPA, Chairman Buheita Fujiwara) has issued the Security Alert for Vulnerability in Multiple YAMAHA Routers on January 28, 2008.
This vulnerability allows an attacker to make the user execute unintended administrative operations if the user accesses a malicious web site while logged in on the web administration console of the YAMAHA routers.
When exploited, an attacker could make unauthorized changes, sucha as changing the administrator password and the configuration settings.
To fix the problem, update the firmware to the latest version or change the configuration setting.

1.Overview

Multiple YAMAHA routers, for instance, SRT100 (firewall router), RT58i (broadband VoIP router) and RTX1100 (Ethernet access VPN router), provide the web administration interface to configure the router settings. This web administration console has a cross-site request forgery (CSRF) vulnerability that makes a user execute unintended administrative operations if the user views a malicious web page while logged in on the web administration console.

For information on the affected products, please refer to:
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html (in Japanese)

For the latest information on the vulnerability, please refer to:
http://jvndb.jvn.jp/contents/en/2008/JVNDB-2008-000005.html

The following creditee reported this vulnerability to IPA on October 16, 2007. JPCERT Coordination Center (JPCERT/CC) coordinated with the product vendors and published the vulnerability on January 28, 2008, under Information Security Early Warning Partnership.
Credit: Hirotaka Katagiri

2.Impact

An attacker could change the administrator password or other configuration settings if a user views a malicious web page while logged in on the web administration console.

As a result, the attacker could modify the important settings and take control over the router.

Security Alert for Vulnerability in Multiple YAMAHA Routers

3.Solution

To fix the problem, update the firmware to the latest version or change the configuration setting. Check out the following information YAMAHA provides and take appropriate action for the solution differs depending on the affected product.
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html (in Japanese)

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	■ Medium (4.0~6.9)	□ High (7.0~10.0)
CVSS base score		4.0

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	■ High	□ Medium	□ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	■ None	□ Partial	□ Complete
I:Integrity Impact	□ None	■ Partial	□ Complete
A:Availability Impact	□ None	■ Partial	□ Complete

■:Selected Values

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail:

Top Page