IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Yamaha Routers

Published: April 11, 2011

Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert on April 11, 2011 concerning a security vulnerability in Yamaha routers.
The vulnerability allows an attacker to cause a denial of service (DoS) condition. To fix the vulnerability, update the firmware to the fixed version provided by the developer.

1.Overview

The Yamaha routers are router products developed by Yamaha Corporation. They contain a denial of service (DoS) vulnerability due to a flaw in processing IP packets. An attacker who exploits it could shut down or reboot the Yamaha routers.

Check the developer's latest announcement at the following URL, obtain the fixed firmware, and update the software:
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html (Japanese)

For the latest information, refer to the following URL:
http://jvn.jp/jp/JVN55714408/

Under the Information Security Early Warning Partnership, IPA received a report of this vulnerability from the reporter credited below. The JPCERT Coordination Center (JPCERT/CC) coordinated with the product developer, and the vulnerability was made public on April 11, 2011.

Credit: Yuji Ukai, Fourteenforty Research Institute, Inc.
(reported on November 13, 2009)

2.Impact

An attacker could shut down or reboot the Yamaha routers.

3.Solution

To fix this vulnerability, update the firmware to the fixed version provided by the developer or implement a workaround based on the information disclosed by the developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 7.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact ■ None □ Partial □ Complete
I:Integrity Impact ■ None □ Partial □ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "Numeric Errors (CWE-189)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: