CVE-2024-47044

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47044

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

M

ultiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.

References
Link Resource
https://jvn.jp/en/jp/JVN78356367/
https://web116.jp/ced/support/news/contents/2024/20240930.html
https://web116.jp/ced/support/version/broadband/500mi/
https://web116.jp/ced/support/version/broadband/600mi/
https://web116.jp/ced/support/version/broadband/pr_400mi/
https://web116.jp/ced/support/version/broadband/rt_400mi/
https://web116.jp/ced/support/version/broadband/rv_440mi/
Configurations

No configuration.

History

17 Oct 2024, 02:15

Type Values Removed Values Added
References
  • () https://web116.jp/ced/support/news/contents/2024/20240930.html -

26 Sep 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Varios enrutadores Home GateWay/Hikari Denwa proporcionados por NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION son vulnerables a restricciones de acceso insuficientes para las páginas de configuración de dispositivos. Si se explota esta vulnerabilidad, un atacante que identifique la dirección IPv6 del lado WAN puede acceder a la página de configuración de dispositivos del producto a través del lado WAN. Tenga en cuenta que NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION también proporciona los mismos productos, pero la vulnerabilidad solo afecta a los productos suscritos y utilizados en las áreas de NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION.

26 Sep 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-26 09:15

Updated : 2024-10-17 02:15

NVD link : CVE-2024-47044

Mitre link : CVE-2024-47044

CVE.ORG link : CVE-2024-47044

JSON object : View

Products Affected

No product.

CWE
CWE-451

User Interface (UI) Misrepresentation of Critical Information