Описание
User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-47045
- https://jvn.jp/en/jp/JVN57749899
- https://jvn.jp/en/jp/JVN78356367
- https://web116.jp/ced/support/version/broadband/500mi
- https://web116.jp/ced/support/version/broadband/600mi
- https://web116.jp/ced/support/version/broadband/pr_400mi
- https://web116.jp/ced/support/version/broadband/rt_400mi
- https://web116.jp/ced/support/version/broadband/rv_440mi
- https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm
Связанные уязвимости
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.