JVN#38732359: Multiple Yamaha network devices vulnerable to denial-of-service (DoS)

Multiple network devices provided by Yamaha Corporation contain a denial-of-service (DoS) vulnerability (CWE-400) due to an issue in processing received packets.

Impact

A remote attacker may be able to cause a denial-of-service (DoS) condition.

Solution

Update the firmware
Update to the latest version of firmware according to the information provided by the developer.

Apply a workaround
If the latest version of firmware cannot be obtained or firmware update cannot be applied, one of the following workaround may mitigate the impact of this vulnerability as the workaround can stop the output of filter’s log.

• Stop the output of filter’s log by using the ip filter command to set pass-nolog, reject-nolog and restrict-nolog.
• Set syslog notice and stop output of NOTICE level’s log.

Products Affected

• Yamaha LTE VoIP Router
  • NVR700W firmware Rev.15.00.15 and earlier
• Yamaha Gigabit VoIP Router
  • NVR510 firmware Rev.15.01.14 and earlier
• Yamaha Gigabit VPN Router
  • RTX810 firmware Rev.11.01.33 and earlier
  • RTX830 firmware Rev.15.02.09 and earlier
  • RTX1200 firmware Rev.10.01.76 and earlier
  • RTX1210 firmware Rev.14.01.33 and earlier
  • RTX3500 firmware Rev.14.00.26 and earlier
  • RTX5000 firmware Rev.14.00.26 and earlier
• Yamaha Broadband VoIP Router
  • NVR500 firmware Rev.11.00.38 and earlier
• Yamaha Firewall
  • FWX120 firmware Rev.11.03.27 and earlier