CVE-2019-5985

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Overview
  • CVE ID
  • CVE-2019-5985
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-09-12T17:15:13
  • Last Modified Date
  • 2019-09-16T17:44:28
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ntt-east:pr-s300ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-east:pr-s300ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-s300ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-east:rt-s300ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-s340ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-east:rv-s340ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-s300hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-east:pr-s300hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-s300hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-east:rt-s300hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-s340hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-east:rv-s340hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-s300se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-east:pr-s300se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-s300se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-east:rt-s300se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-s340se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-east:rv-s340se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-400ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-east:pr-400ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-400ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-east:rt-400ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-440ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-east:rv-440ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-400ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-east:pr-400ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-400ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-east:rt-400ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-440ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-east:rv-440ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-400mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-east:pr-400mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-400mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-east:rt-400mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rv-440mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-east:rv-440mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-500ki_firmware:*:*:*:*:*:*:*:* 1 OR 01.00.0090
cpe:2.3:h:ntt-east:pr-500ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-500ki_firmware:*:*:*:*:*:*:*:* 1 OR 01.00.0090
cpe:2.3:h:ntt-east:rt-500ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rs-500ki_firmware:*:*:*:*:*:*:*:* 1 OR 01.00.0070
cpe:2.3:h:ntt-east:rs-500ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:pr-500mi_firmware:*:*:*:*:*:*:*:* 1 OR 01.01.0014
cpe:2.3:h:ntt-east:pr-500mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rt-500mi_firmware:*:*:*:*:*:*:*:* 1 OR 01.01.0014
cpe:2.3:h:ntt-east:rt-500mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-east:rs-500mi_firmware:*:*:*:*:*:*:*:* 1 OR 03.01.0019
cpe:2.3:h:ntt-east:rs-500mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-s300ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-west:pr-s300ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-s300ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-west:rt-s300ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-s340ne_firmware:*:*:*:*:*:*:*:* 1 OR 19.41
cpe:2.3:h:ntt-west:rv-s340ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-s300hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-west:pr-s300hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-s300hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-west:rt-s300hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-s340hi_firmware:*:*:*:*:*:*:*:* 1 OR 19.01.0005
cpe:2.3:h:ntt-west:rv-s340hi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-s300se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-west:pr-s300se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-s300se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-west:rt-s300se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-s340se_firmware:*:*:*:*:*:*:*:* 1 OR 19.40
cpe:2.3:h:ntt-west:rv-s340se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-400ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-west:pr-400ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-400ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-west:rt-400ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-440ne_firmware:*:*:*:*:*:*:*:* 1 OR 7.42
cpe:2.3:h:ntt-west:rv-440ne:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-400ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-west:pr-400ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-400ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-west:rt-400ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-440ki_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1010
cpe:2.3:h:ntt-west:rv-440ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-400mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-west:pr-400mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-400mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-west:rt-400mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rv-440mi_firmware:*:*:*:*:*:*:*:* 1 OR 07.00.1012
cpe:2.3:h:ntt-west:rv-440mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-500ki_firmware:*:*:*:*:*:*:*:* 1 OR 01.00.0090
cpe:2.3:h:ntt-west:pr-500ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-500ki_firmware:*:*:*:*:*:*:*:* 1 OR 01.00.0090
cpe:2.3:h:ntt-west:rt-500ki:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:pr-500mi_firmware:*:*:*:*:*:*:*:* 1 OR 01.01.0011
cpe:2.3:h:ntt-west:pr-500mi:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ntt-west:rt-500mi_firmware:*:*:*:*:*:*:*:* 1 OR 01.01.0011
cpe:2.3:h:ntt-west:rt-500mi:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://www.ntt-west.co.jp/kiki/support/flets/hgw/190626.html Vendor Advisory
http://jvn.jp/en/jp/JVN43172719/index.html Third Party Advisory VDB Entry
History
Created Old Value New Value Data Type Notes
2022-05-10 07:46:13 Added to TrackCVE
2022-12-04 02:40:47 2019-09-12T17:15Z 2019-09-12T17:15:13 CVE Published Date updated
2022-12-04 02:40:47 2019-09-16T17:44:28 CVE Modified Date updated
2022-12-04 02:40:47 Analyzed Vulnerability Status updated