Main Vulnerability Database SB2024092454

SB2024092454 - Spoofing attack in NTT EAST Home GateWay/Hikari Denwa routers

Published: September 24, 2024

Security Bulletin ID SB2024092454

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Spoofing attack (CVE-ID: CVE-2024-47044)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker who identified WAN-side IPv6 address can access the product's Device Setting page via WAN-side.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/jp/JVN78356367/index.html

Vulnerable Software

Hikari Denwa router RT-400MI: 09.00.0015 and previous versions
Hikari Denwa router PR-400MI: 09.00.0015 and previous versions
Hikari Denwa router RV-440MI: 09.00.0015 and previous versions
Home GateWay/Hikari Denwa router PR-500MI: 08.00.0004 and previous versions
Home GateWay/Hikari Denwa router RS-500MI: 08.00.0004 and previous versions
Home GateWay/Hikari Denwa router RT-500MI: 08.00.0004 and previous versions
Home GateWay/Hikari Denwa router PR-600MI: 01.00.0008 and previous versions
Home GateWay/Hikari Denwa router RX-600MI: 01.00.0008 and previous versions

SB2024092454 - Spoofing attack in NTT EAST Home GateWay/Hikari Denwa routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human