ID

VAR-201512-0092


CVE

CVE-2015-7282


TITLE

ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#167992

DESCRIPTION

ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. ReadyNet WRT300N-DD is a wireless router product from ReadyNet, New Zealand. There is a spoofing vulnerability in ReadyNet WRT300N-DD devices with firmware 1.0.26. An attacker can exploit these issues to bypass certain security restrictions and perform certain unauthorized actions, or trick a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using the victim's currently active session. A remote attacker can exploit this vulnerability to forge response information.

Trust: 3.24

sources: NVD: CVE-2015-7282 // CERT/CC: VU#167992 // JVNDB: JVNDB-2015-006573 // CNVD: CNVD-2016-00149 // BID: 78814 // VULHUB: VHN-85243

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00149

AFFECTED PRODUCTS

vendor: readynet model: wrt300n-dd scope: eq version: 1.0.26

Trust: 2.4

vendor: readynet model: wrt300n-dd scope: eq version: -

Trust: 1.0

vendor: readynet model: - scope: - version: -

Trust: 0.8

vendor: readynet model: wrt300n-dd scope: - version: -

Trust: 0.8

vendor: readynet model: wrt300n-dd devices with scope: eq version: 1.0.26

Trust: 0.6

sources: CERT/CC: VU#167992 // CNVD: CNVD-2016-00149 // JVNDB: JVNDB-2015-006573 // CNNVD: CNNVD-201512-321 // NVD: CVE-2015-7282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7282
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7282
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00149
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7282
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00149
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85243
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7282
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00149 // VULHUB: VHN-85243 // JVNDB: JVNDB-2015-006573 // CNNVD: CNNVD-201512-321 // NVD: CVE-2015-7282

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-85243 // JVNDB: JVNDB-2015-006573 // NVD: CVE-2015-7282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-321

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-321

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006573

PATCH

title: WRT300N-DD WIRELESS ROUTER url: http://www.readynetsolutions.com/products/wrt300n-dd-wireless-router/

Trust: 0.8

sources: JVNDB: JVNDB-2015-006573

EXTERNAL IDS

db: CERT/CC id: VU#167992

Trust: 3.9

db: NVD id: CVE-2015-7282

Trust: 3.4

db: BID id: 78814

Trust: 2.0

db: JVN id: JVNVU91495836

Trust: 0.8

db: JVNDB id: JVNDB-2015-006573

Trust: 0.8

db: CNNVD id: CNNVD-201512-321

Trust: 0.7

db: CNVD id: CNVD-2016-00149

Trust: 0.6

db: VULHUB id: VHN-85243

Trust: 0.1

sources: CERT/CC: VU#167992 // CNVD: CNVD-2016-00149 // VULHUB: VHN-85243 // BID: 78814 // JVNDB: JVNDB-2015-006573 // CNNVD: CNNVD-201512-321 // NVD: CVE-2015-7282

REFERENCES

url:https://www.kb.cert.org/vuls/id/167992

Trust: 3.1

url:http://www.securityfocus.com/bid/78814

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7282

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91495836/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7282

Trust: 0.8

sources: CERT/CC: VU#167992 // CNVD: CNVD-2016-00149 // VULHUB: VHN-85243 // JVNDB: JVNDB-2015-006573 // CNNVD: CNNVD-201512-321 // NVD: CVE-2015-7282

CREDITS

Joel Land of the CERT/CC

Trust: 0.9

sources: BID: 78814 // CNNVD: CNNVD-201512-321

SOURCES

db: CERT/CC id: VU#167992
db: CNVD id: CNVD-2016-00149
db: VULHUB id: VHN-85243
db: BID id: 78814
db: JVNDB id: JVNDB-2015-006573
db: CNNVD id: CNNVD-201512-321
db: NVD id: CVE-2015-7282

LAST UPDATE DATE

2025-04-13T23:09:43.789000+00:00


SOURCES UPDATE DATE

db: CERT/CC id: VU#167992 date: 2015-12-10T00:00:00
db: CNVD id: CNVD-2016-00149 date: 2016-01-12T00:00:00
db: VULHUB id: VHN-85243 date: 2016-11-28T00:00:00
db: BID id: 78814 date: 2015-12-10T00:00:00
db: JVNDB id: JVNDB-2015-006573 date: 2016-01-05T00:00:00
db: CNNVD id: CNNVD-201512-321 date: 2016-01-04T00:00:00
db: NVD id: CVE-2015-7282 date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC id: VU#167992 date: 2015-12-10T00:00:00
db: CNVD id: CNVD-2016-00149 date: 2016-01-12T00:00:00
db: VULHUB id: VHN-85243 date: 2015-12-31T00:00:00
db: BID id: 78814 date: 2015-12-10T00:00:00
db: JVNDB id: JVNDB-2015-006573 date: 2016-01-05T00:00:00
db: CNNVD id: CNNVD-201512-321 date: 2015-12-11T00:00:00
db: NVD id: CVE-2015-7282 date: 2015-12-31T05:59:24.340