VYPR
Vendor

Yamaha

Products
57
CVEs
15
Across products
78
Status
Private

Products

57
View all 57 products →

Recent CVEs

15
  • CVE-2024-48542HigOct 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2008-2173HigMay 13, 2008
    risk 0.49cvss 7.5epss 0.01

    Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

  • CVE-2026-37100MedApr 16, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol

  • CVE-2017-10890MedNov 17, 2017
    risk 0.30cvss 4.6epss 0.00

    Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows…

  • CVE-2005-0356May 31, 2005
    risk 0.10cvss epss 0.83

    Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…

  • CVE-1999-0946Nov 2, 1999
    risk 0.03cvss epss 0.02

    Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

  • CVE-2024-22366Jan 24, 2024
    risk 0.00cvss epss 0.00

    Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be…

  • CVE-2021-20844Nov 24, 2021
    risk 0.00cvss epss 0.01

    Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to…

  • CVE-2021-20843Nov 24, 2021
    risk 0.00cvss epss 0.01

    Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a…

  • CVE-2020-5548Apr 1, 2020
    risk 0.00cvss epss 0.01

    Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76…

  • CVE-2018-0666Jan 9, 2019
    risk 0.00cvss epss 0.01

    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration…

  • CVE-2018-0665Jan 9, 2019
    risk 0.00cvss epss 0.01

    Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration…

  • CVE-2013-7310Jan 23, 2014
    risk 0.00cvss epss 0.01

    The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing…

  • CVE-2011-1323May 9, 2011
    risk 0.00cvss epss 0.02

    Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted…

  • CVE-2008-0524Jan 31, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.