Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-5548 |
CWE-ID | CWE-400 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Yamaha LTE VoIP Router Hardware solutions / Routers & switches, VoIP, GSM, etc Yamaha Gigabit VoIP Router Hardware solutions / Routers & switches, VoIP, GSM, etc Yamaha Gigabit VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Yamaha Broadband VoIP Router Hardware solutions / Routers & switches, VoIP, GSM, etc Yamaha Firewall Hardware solutions / Routers & switches, VoIP, GSM, etc NVR700W Hardware solutions / Firmware NVR510 Hardware solutions / Firmware NVR500 Hardware solutions / Firmware RTX810 Hardware solutions / Firmware RTX830 Hardware solutions / Firmware RTX1200 Hardware solutions / Firmware RTX1210 Hardware solutions / Firmware RTX3500 Hardware solutions / Firmware RTX5000 Hardware solutions / Firmware FWX120 Hardware solutions / Firmware |
Vendor | Yamaha Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU26467
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5548
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an issue in processing received packet. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsYamaha LTE VoIP Router: All versions
Yamaha Gigabit VoIP Router: All versions
Yamaha Gigabit VPN Router: All versions
Yamaha Broadband VoIP Router: All versions
Yamaha Firewall: All versions
NVR700W: 15.00.15
NVR510: 15.01.14
NVR500: 11.00.38
RTX810: 11.01.33
RTX830: 15.02.09
RTX1200: 10.01.76
RTX1210: 14.01.33
RTX3500: 14.00.26
RTX5000: 14.00.26
FWX120: 11.03.27
External linkshttp://jvn.jp/en/jp/JVN38732359/index.html
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.