[Japanese]
|
JVNDB-2019-009884
|
FON routers may behave as an open resolver
|
FON routers contain an issue where they may behave as open resolvers.
A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver".
FON routers contain an issue where they may behave as open resolvers.
Hideyoshi Okazaki of ARTERIA Networks Corporation reported this vulnerability to JPCERT/CC, and JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 5.8 (Medium) [JPCERT/CC Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 5.0 (Medium) [JPCERT/CC Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
|
|
FON Wireless Limited
- FON2601E-FSW-B firmware versions 1.1.7 and earlier
- FON2601E-FSW-S firmware versions 1.1.7 and earlier
- FON2601E-RE firmware versions 1.1.7 and earlier
- FON2601E-SE firmware versions 1.1.7 and earlier
|
|
The device may be leveraged for DNS amplification attacks to some other entities.
|
[Update Firmware]
Apply the latest firmware update according to the information provided by the developer.
|
FON Wireless Limited
|
|
- CVE-2019-6015
|
- JVN : JVNVU#94678942
- National Vulnerability Database (NVD) : CVE-2019-6015
|
- [2019/10/02]
Web page was published
- [2019/12/27]
References : Content was added
|