CVE-2016-1228: CSRF
First published: Sun Jul 03 2016(Updated: )
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ntt-west Pr-400mi Firmware | <=07.00.1005 | |
| Ntt-west Pr-400mi | ||
| Ntt-west Rt-400mi Firmware | <=07.00.1005 | |
| Ntt-west Rt-400mi | ||
| Ntt-west Rv-440mi Firmware | <=07.00.1005 | |
| Ntt-west Rv-440mi | ||
| Ntt-east Pr-400mi Firmware | =07.00.1006 | |
| Ntt-east Pr-400mi | ||
| Ntt-east Rt-400mi Firmware | <=07.00.1006 | |
| Ntt-east Rt-400mi | ||
| Ntt-east Rv-440mi Firmware | <=07.00.1006 | |
| Ntt-east Rv-440mi |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1228?
The severity of CVE-2016-1228 is classified as medium due to the potential for remote attackers to hijack user sessions.
How do I fix CVE-2016-1228?
To fix CVE-2016-1228, upgrade to the latest firmware versions for your NTT EAST or NTT WEST Hikari Denwa router.
Are all versions of NTT EAST Hikari Denwa routers vulnerable to CVE-2016-1228?
Not all versions are vulnerable; only those with firmware PR-400MI, RT-400MI, RV-440MI version 07.00.1006 and earlier are affected.
Are all versions of NTT WEST Hikari Denwa routers vulnerable to CVE-2016-1228?
Only NTT WEST Hikari Denwa routers with firmware versions PR-400MI, RT-400MI, RV-440MI version 07.00.1005 and earlier are vulnerable.
What type of vulnerability is CVE-2016-1228?
CVE-2016-1228 is a cross-site request forgery (CSRF) vulnerability that can allow attackers to perform unauthorized actions on behalf of users.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/ntt-west
- canonical/ntt-west pr-400mi firmware
- version/ntt-west pr-400mi firmware/07.00.1005
- canonical/ntt-west pr-400mi
- canonical/ntt-west rt-400mi firmware
- version/ntt-west rt-400mi firmware/07.00.1005
- canonical/ntt-west rt-400mi
- canonical/ntt-west rv-440mi firmware
- version/ntt-west rv-440mi firmware/07.00.1005
- canonical/ntt-west rv-440mi
- vendor/ntt-east
- canonical/ntt-east pr-400mi firmware
- version/ntt-east pr-400mi firmware/07.00.1006
- canonical/ntt-east pr-400mi
- canonical/ntt-east rt-400mi firmware
- version/ntt-east rt-400mi firmware/07.00.1006
- canonical/ntt-east rt-400mi
- canonical/ntt-east rv-440mi firmware
- version/ntt-east rv-440mi firmware/07.00.1006
- canonical/ntt-east rv-440mi