Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-47044 |
CWE-ID | CWE-451 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Hikari Denwa router RT-400MI Hardware solutions / Routers & switches, VoIP, GSM, etc Hikari Denwa router PR-400MI Hardware solutions / Routers & switches, VoIP, GSM, etc Hikari Denwa router RV-440MI Hardware solutions / Routers & switches, VoIP, GSM, etc Home GateWay/Hikari Denwa router PR-500MI Hardware solutions / Routers & switches, VoIP, GSM, etc Home GateWay/Hikari Denwa router RS-500MI Hardware solutions / Routers & switches, VoIP, GSM, etc Home GateWay/Hikari Denwa router RT-500MI Hardware solutions / Routers & switches, VoIP, GSM, etc Home GateWay/Hikari Denwa router PR-600MI Hardware solutions / Routers & switches, VoIP, GSM, etc Home GateWay/Hikari Denwa router RX-600MI Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Nippon Telegraph and Telephone East Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU97671
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47044
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker who identified WAN-side IPv6 address can access the product's Device Setting page via WAN-side.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHikari Denwa router RT-400MI: 09.00.0015
Hikari Denwa router PR-400MI: 09.00.0015
Hikari Denwa router RV-440MI: 09.00.0015
Home GateWay/Hikari Denwa router PR-500MI: 08.00.0004
Home GateWay/Hikari Denwa router RS-500MI: 08.00.0004
Home GateWay/Hikari Denwa router RT-500MI: 08.00.0004
Home GateWay/Hikari Denwa router PR-600MI: 01.00.0008
Home GateWay/Hikari Denwa router RX-600MI: 01.00.0008
CPE2.3http://jvn.jp/en/jp/JVN78356367/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.