CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-1228
https://notcve.org/view.php?id=CVE-2016-1228
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad CSRF en routers NTT EAST Hikari Denwa con firmware PR-400MI, RT-400MI y RV-440MI 07.00.1006 y versiones anteriores y routers NTT WEST Hikari Denwa con firmware PR-400MI, RT-400MI y RV-440MI 07.00.1005 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jvn.jp/en/jp/JVN45034304/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000106 http://web116.jp/ced/support/news/contents/2016/20160627.html http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2016-1227
https://notcve.org/view.php?id=CVE-2016-1227
NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Routers NTT EAST Hikari Denwa con firmware PR-400MI, RT-400MI y RV-440MI 07.00.1006 y versiones anteriores y routers NTT WEST Hikari Denwa con firmware PR-400MI, RT-400MI y RV-440MI 07.00.1005 y versiones anteriores, permiten a usuarios remotos autenticados ejecutar comandos SO arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN77403442/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000105 http://web116.jp/ced/support/news/contents/2016/20160627.html http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html •