CVE-2020-5548

moderate-risk
Published 2020-04-01

Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (10)

Rtx830 Firmware
Nvr510 Firmware
Nvr700W Firmware
Rtx1210 Firmware
Rtx5000 Firmware
Rtx3500 Firmware
Fwx120 Firmware
Rtx810 Firmware
Nvr500 Firmware
Rtx1200 Firmware

Affected Vendors

Yamaha

References (4)

Mitigation http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html
Third Party Advisory https://jvn.jp/en/jp/JVN38732359/index.html
Mitigation http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN38732359.html
Third Party Advisory https://jvn.jp/en/jp/JVN38732359/index.html
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 4/34 · Minimal
Exposure 16/34 · Moderate