[Japanese]

JVNDB-2019-009884

FON routers may behave as an open resolver

Overview

FON routers contain an issue where they may behave as open resolvers.

A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver".
FON routers contain an issue where they may behave as open resolvers.

Hideyoshi Okazaki of ARTERIA Networks Corporation reported this vulnerability to JPCERT/CC, and JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.8 (Medium) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


FON Wireless Limited
  • FON2601E-FSW-B firmware versions 1.1.7 and earlier
  • FON2601E-FSW-S firmware versions 1.1.7 and earlier
  • FON2601E-RE firmware versions 1.1.7 and earlier
  • FON2601E-SE firmware versions 1.1.7 and earlier

Impact

The device may be leveraged for DNS amplification attacks to some other entities.
Solution

[Update Firmware]
Apply the latest firmware update according to the information provided by the developer.
Vendor Information

FON Wireless Limited
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2019-6015
References

  1. JVN : JVNVU#94678942
  2. National Vulnerability Database (NVD) : CVE-2019-6015
Revision History

  • [2019/10/02]
      Web page was published
  • [2019/12/27]
      References : Content was added