Published: April 11, 2011
>> JAPANESE

1.Overview

The Yamaha routers are router products developed by Yamaha Corporation. The Yamaha routers contain a denial of service (DoS) vulnerability due to a flaw in processing IP packets. If exploited, an attacker could shut down or reboot the Yamaha routers.

Check out the latest announcement and get the fixed firmware available at the following URL, and update the software:
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html (Japanese)

For the latest information, refer to the following URL:
http://jvn.jp/jp/JVN55714408/

In line with the Information Security Early Warning Partnership, IPA received a report concerning this vulnerability from the creditee below, and the JPCERT Coordination Center (JPCERT/CC) made adjustments to clarify the matter with the product developer and made it public on April 11, 2011.

Credit

：

Yuji Ukai

Fourteenforty Research Institute, Inc. (reported on November 13, 2009)

2.Impact

An attacker could shut down or reboot the Yamaha routers.

3.Solution

To fix this vulnerability, update the firmware to the fixed version provided by the developer or implement a workaround based on the information disclosed by the developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	□ Medium (4.0~6.9)	■ High (7.0~10.0)
CVSS base score			7.8

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	□ High	□ Medium	■ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	■ None	□ Partial	□ Complete
I:Integrity Impact	■ None	□ Partial	□ Complete
A:Availability Impact	□ None	□ Partial	■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Numeric Errors (CWE-189)”.

Contact