Details of VAR-201105-0129

ID

VAR-201105-0129

CVE

CVE-2011-1326

TITLE

La Fonera+ vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2011-000027

DESCRIPTION

Unspecified vulnerability on the La Fonera+ router with firmware before 1.7.0.1 allows remote attackers to cause a denial of service via unknown vectors. La Fonera+ provided by FON contains a denial-of-service (DoS) vulnerability. La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service (DoS) vulnerability.An attacker who can communicate with La Fonera+ directly may cause a denial-of-service (DoS). Successful exploits will cause the device to crash, denying service to legitimate users. ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FON La Fonera+ Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44508 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44508/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44508 RELEASE DATE: 2011-05-12 DISCUSS ADVISORY: http://secunia.com/advisories/44508/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44508/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44508 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FON La Fonera+, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. SOLUTION: Reportedly, the vendor has released a fixed version. PROVIDED AND/OR DISCOVERED BY: Reported in a JVN note. ORIGINAL ADVISORY: JVN#96839637: http://jvn.jp/jp/JVN96839637/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2011-1326 // JVNDB: JVNDB-2011-000027 // CNVD: CNVD-2011-1816 // BID: 47801 // VULHUB: VHN-49271 // PACKETSTORM: 101336

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-1816

AFFECTED PRODUCTS

vendor:	fon	model:	la fonera\+	scope:	eq	version:	1.1.1.2	Trust: 1.6
vendor:	fon	model:	la fonera\+	scope:	eq	version:	1.1.1.1	Trust: 1.6
vendor:	fon	model:	la fonera\+	scope:	lte	version:	1.1.2.1	Trust: 1.0
vendor:	fon	model:	la fonera\+	scope:	eq	version:	*	Trust: 1.0
vendor:	fon	model:	la fonera+	scope:	eq	version:	1.71	Trust: 0.9
vendor:	fon	model:	la fonera+	scope:	eq	version:	firmware version prior to 1.7.0.1	Trust: 0.8
vendor:	fon	model:	la fonera\+	scope:	eq	version:	1.1.2.1	Trust: 0.6

sources: CNVD: CNVD-2011-1816 // BID: 47801 // JVNDB: JVNDB-2011-000027 // CNNVD: CNNVD-201105-154 // NVD: CVE-2011-1326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1326
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000027
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201105-154
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-49271
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-1326
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2011-000027
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-49271
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-49271 // JVNDB: JVNDB-2011-000027 // CNNVD: CNNVD-201105-154 // NVD: CVE-2011-1326

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-1326

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201105-154

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201105-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000027

PATCH

title:	FON FAQs	url:	http://www.fon.ne.jp/faq/questions/135	Trust: 0.8
title:	Top Page	url:	http://www.fon.com/jp	Trust: 0.8
title:	FON La Fonera+ Patch for Unknown Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3835	Trust: 0.6

sources: CNVD: CNVD-2011-1816 // JVNDB: JVNDB-2011-000027

EXTERNAL IDS

db:	JVN	id:	JVN96839637	Trust: 3.5
db:	NVD	id:	CVE-2011-1326	Trust: 3.4
db:	BID	id:	47801	Trust: 2.8
db:	SECUNIA	id:	44508	Trust: 2.7
db:	JVNDB	id:	JVNDB-2011-000027	Trust: 2.5
db:	XF	id:	67405	Trust: 1.4
db:	CNNVD	id:	CNNVD-201105-154	Trust: 0.7
db:	CNVD	id:	CNVD-2011-1816	Trust: 0.6
db:	XFORCE.ISS.NET	id:	LAFONERAPLUS-UNSPECIFIED-DOS(67405)	Trust: 0.6
db:	JVN	id:	JVN#96839637	Trust: 0.6
db:	VULHUB	id:	VHN-49271	Trust: 0.1
db:	PACKETSTORM	id:	101336	Trust: 0.1

sources: CNVD: CNVD-2011-1816 // VULHUB: VHN-49271 // BID: 47801 // JVNDB: JVNDB-2011-000027 // PACKETSTORM: 101336 // CNNVD: CNNVD-201105-154 // NVD: CVE-2011-1326

REFERENCES

url:	http://www.securityfocus.com/bid/47801	Trust: 2.5
url:	http://secunia.com/advisories/44508	Trust: 2.5
url:	http://jvn.jp/en/jp/jvn96839637/index.html	Trust: 1.7
url:	http://jvndb.jvn.jp/jvndb/jvndb-2011-000027	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/67405	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/67405	Trust: 1.1
url:	http://jvn.jp/jp/jvn96839637/index.html	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1326	Trust: 0.8
url:	https://jvn.jp/en/jp/jvn96839637	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1326	Trust: 0.8
url:	http://en.fon.com/	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44508	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/44508/#comments	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/44508/	Trust: 0.1

sources: CNVD: CNVD-2011-1816 // VULHUB: VHN-49271 // BID: 47801 // JVNDB: JVNDB-2011-000027 // PACKETSTORM: 101336 // CNNVD: CNNVD-201105-154 // NVD: CVE-2011-1326

CREDITS

JVN

Trust: 0.3

sources: BID: 47801

SOURCES

db:	CNVD	id:	CNVD-2011-1816
db:	VULHUB	id:	VHN-49271
db:	BID	id:	47801
db:	JVNDB	id:	JVNDB-2011-000027
db:	PACKETSTORM	id:	101336
db:	CNNVD	id:	CNNVD-201105-154
db:	NVD	id:	CVE-2011-1326

LAST UPDATE DATE

2025-04-11T22:50:07.699000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1816	date:	2011-05-12T00:00:00
db:	VULHUB	id:	VHN-49271	date:	2017-08-17T00:00:00
db:	BID	id:	47801	date:	2011-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-000027	date:	2011-05-13T00:00:00
db:	CNNVD	id:	CNNVD-201105-154	date:	2011-05-16T00:00:00
db:	NVD	id:	CVE-2011-1326	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-1816	date:	2011-05-12T00:00:00
db:	VULHUB	id:	VHN-49271	date:	2011-05-13T00:00:00
db:	BID	id:	47801	date:	2011-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-000027	date:	2011-05-13T00:00:00
db:	PACKETSTORM	id:	101336	date:	2011-05-11T06:10:01
db:	CNNVD	id:	CNNVD-201105-154	date:	2011-05-12T00:00:00
db:	NVD	id:	CVE-2011-1326	date:	2011-05-13T22:55:01.657