|
[Japanese]
|
JVNDB-2015-000203
|
CG-WLNCM4G may behave as an open resolver
|
|
CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver.
SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
|
|
|
Corega Inc
|
|
|
The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack.
|
|
[Do not use CG-WLNCM4G]
As of December 25, 2015, there are no practical solutions to this issue.
It is recommended to stop using CG-WLNCM4G according to the information provided by the developer.
According to the developer, the following products are not affected by this issue.
* CG-NCBU031A
* CG-NCVD031A
* CG-NCDO011A
* CG-NCPFE011A
* CG-NCPVD032A
[Apply a Workaround]
The following workaround may mitigate the affects of this issue.
* Restrict access to the product from the internet, through router settings or other functions
|
|
Corega Inc
|
|
- Permissions(CWE-264) [IPA Evaluation]
|
|
- CVE-2015-7794
|
|
- JVN : JVN#51250073
- National Vulnerability Database (NVD) : CVE-2015-7794
|
|
- [2015/12/25]
Web page was published
[2016/01/07]
References : Content was added
|
