CVE-2016-1227

Published Jul 3, 2016

Last updated 4 years ago

CVSS high 7.2

Overview

Description: NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-east:rt-400mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B964A954-08EB-416E-BDAE-D66F0C1B5366",
            "versionEndIncluding": "07.00.1006"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-east:rt-400mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "64CEFE29-5AF9-4935-B084-6B556921AAF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-west:pr-400mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A792CE36-D838-4D25-ADAB-898BE7F3439B",
            "versionEndIncluding": "07.00.1005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-west:pr-400mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A55EB69F-E103-4A45-8083-A2D6A3AD36C8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-west:rt-400mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D76D559B-2936-41B9-A810-1658CE125A5A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-west:rt-400mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858278B2-7203-427C-988C-3104970A7E00",
            "versionEndIncluding": "07.00.1005"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-west:rv-440mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEC56ACD-3B81-4434-AA4D-DAEAF8442434",
            "versionEndIncluding": "07.00.1005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-west:rv-440mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C2561A87-C99A-4E27-A0AE-E22EE2513735"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-east:pr-400mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E7F48A6-5846-4605-8655-3DBD453839B9",
            "versionEndIncluding": "07.00.1006"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-east:pr-400mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7AF589E8-4E1A-43B2-9F44-513D393C2945"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ntt-east:rv-440mi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57B97F48-D979-4BD1-B327-5852BA71E360",
            "versionEndIncluding": "07.00.1006"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ntt-east:rv-440mi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "154E8DF0-AAB4-4926-AD4E-2EB043736810"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References