Sign-up

ID

VAR-201512-0089


CVE

CVE-2015-7279


TITLE

Amped Wireless R10000 router contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#763576

DESCRIPTION

Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Supplementary information : CWE Vulnerability type by CWE-331: Insufficient Entropy ( Lack of entropy ) Has been identified. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker can exploit this vulnerability to forge response information

Trust: 3.24

sources: NVD: CVE-2015-7279 // CERT/CC: VU#763576 // JVNDB: JVNDB-2015-006586 // CNVD: CNVD-2016-00147 // BID: 78818 // VULHUB: VHN-85240

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00147

AFFECTED PRODUCTS

vendor:ampedwirelessmodel:r10000scope:eqversion:2.5.2.11

Trust: 1.6

vendor:ampedmodel: - scope: - version: -

Trust: 0.8

vendor:ampedmodel:wireless r10000scope: - version: -

Trust: 0.8

vendor:ampedmodel:wireless r10000scope:eqversion:2.5.2.11

Trust: 0.8

vendor:ampedmodel:wireless r10000 devices withscope:eqversion:2.5.2.11

Trust: 0.6

sources: CERT/CC: VU#763576 // CNVD: CNVD-2016-00147 // JVNDB: JVNDB-2015-006586 // CNNVD: CNNVD-201512-318 // NVD: CVE-2015-7279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7279
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7279
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00147
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-318
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85240
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7279
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00147
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85240
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7279
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00147 // VULHUB: VHN-85240 // JVNDB: JVNDB-2015-006586 // CNNVD: CNNVD-201512-318 // NVD: CVE-2015-7279

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-006586 // NVD: CVE-2015-7279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-318

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201512-318

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006586

PATCH
title:High Power Wireless-N 600mW Smart Router R10000url:http://www.ampedwireless.com/products/r10000.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006586

EXTERNAL IDS
db:CERT/CCid:VU#763576
Trust: 3.9
db:NVDid:CVE-2015-7279
Trust: 3.4
db:BIDid:78818
Trust: 2.0
db:JVNid:JVNVU99863047
Trust: 0.8
db:JVNDBid:JVNDB-2015-006586
Trust: 0.8
db:CNNVDid:CNNVD-201512-318
Trust: 0.7
db:CNVDid:CNVD-2016-00147
Trust: 0.6
db:VULHUBid:VHN-85240
Trust: 0.1
sources:
            
            
            CERT/CC: VU#763576 // 
            
            
            
            CNVD: CNVD-2016-00147 // 
            
            
            
            VULHUB: VHN-85240 // 
            
            
            
            BID: 78818 // 
            
            
            
            JVNDB: JVNDB-2015-006586 // 
            
            
            
            CNNVD: CNNVD-201512-318 // 
            
            
            
            NVD: CVE-2015-7279

REFERENCES
url:https://www.kb.cert.org/vuls/id/763576
Trust: 3.1
url:http://www.securityfocus.com/bid/78818
Trust: 1.7
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7279
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99863047/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7279
Trust: 0.8
sources:
            
            
            CERT/CC: VU#763576 // 
            
            
            
            CNVD: CNVD-2016-00147 // 
            
            
            
            VULHUB: VHN-85240 // 
            
            
            
            JVNDB: JVNDB-2015-006586 // 
            
            
            
            CNNVD: CNNVD-201512-318 // 
            
            
            
            NVD: CVE-2015-7279

CREDITS
Joel Land of the CERT/CC
Trust: 0.9
sources:
            
            
            BID: 78818 // 
            
            
            
            CNNVD: CNNVD-201512-318

SOURCES
db:CERT/CCid:VU#763576
db:CNVDid:CNVD-2016-00147
db:VULHUBid:VHN-85240
db:BIDid:78818
db:JVNDBid:JVNDB-2015-006586
db:CNNVDid:CNNVD-201512-318
db:NVDid:CVE-2015-7279

LAST UPDATE DATE
2025-04-13T23:03:36.618000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#763576date:2015-12-10T00:00:00
db:CNVDid:CNVD-2016-00147date:2016-01-12T00:00:00
db:VULHUBid:VHN-85240date:2016-11-28T00:00:00
db:BIDid:78818date:2015-12-10T00:00:00
db:JVNDBid:JVNDB-2015-006586date:2016-01-05T00:00:00
db:CNNVDid:CNNVD-201512-318date:2016-01-04T00:00:00
db:NVDid:CVE-2015-7279date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#763576date:2015-12-10T00:00:00
db:CNVDid:CNVD-2016-00147date:2016-01-12T00:00:00
db:VULHUBid:VHN-85240date:2015-12-31T00:00:00
db:BIDid:78818date:2015-12-10T00:00:00
db:JVNDBid:JVNDB-2015-006586date:2016-01-05T00:00:00
db:CNNVDid:CNNVD-201512-318date:2015-12-11T00:00:00
db:NVDid:CVE-2015-7279date:2015-12-31T05:59:21.337