ID

VAR-201910-0210


CVE

CVE-2019-6015


TITLE

FON routers may behave as an open resolver

Trust: 0.8

sources: JVNDB: JVNDB-2019-009884

DESCRIPTION

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks against other entities. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called an "open resolver". The Fon Wireless FON2601E-SE and the other listed models are wireless routers made by the Spanish company Fon Wireless. A remote attacker could exploit this vulnerability with a specially crafted request to cause the device to stop responding.

Trust: 2.25

sources: NVD: CVE-2019-6015 // JVNDB: JVNDB-2019-009884 // CNVD: CNVD-2019-44987 // VULHUB: VHN-157450

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44987

AFFECTED PRODUCTS

vendor: fon, model: fon2601e-fsw-b, scope: lte, version: 1.1.7

Trust: 1.8

vendor: fon, model: fon2601e-fsw-s, scope: lte, version: 1.1.7

Trust: 1.8

vendor: fon, model: fon2601e-re, scope: lte, version: 1.1.7

Trust: 1.8

vendor: fon, model: fon2601e-se, scope: lte, version: 1.1.7

Trust: 1.8

vendor: fon, model: wireless fon2601e-se, scope: lte, version: <=1.1.7

Trust: 0.6

vendor: fon, model: wireless fon2601e-re, scope: lte, version: <=1.1.7

Trust: 0.6

vendor: fon, model: wireless fon2601e-fsw-s, scope: lte, version: <=1.1.7

Trust: 0.6

vendor: fon, model: wireless fon2601e-fsw-b, scope: lte, version: <=1.1.7

Trust: 0.6

sources: CNVD: CNVD-2019-44987 // JVNDB: JVNDB-2019-009884 // NVD: CVE-2019-6015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6015
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2019-009884
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44987
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-190
value: HIGH

Trust: 0.6

VULHUB: VHN-157450
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6015
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-009884
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-44987
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-157450
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6015
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

JPCERT/CC: JVNDB-2019-009884
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44987 // VULHUB: VHN-157450 // JVNDB: JVNDB-2019-009884 // CNNVD: CNNVD-201910-190 // NVD: CVE-2019-6015

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-157450 // NVD: CVE-2019-6015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-190

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-190

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009884

PATCH

title: About an issue as an open resolver and its impact, url: https://fonjapan.zendesk.com/hc/ja/articles/360000558942

Trust: 0.8

title: Patch for Multiple FON Product Input Validation Error Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/193861

Trust: 0.6

title: FON routers Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98921

Trust: 0.6

sources: CNVD: CNVD-2019-44987 // JVNDB: JVNDB-2019-009884 // CNNVD: CNNVD-201910-190

EXTERNAL IDS

db: NVD, id: CVE-2019-6015

Trust: 3.1

db: JVN, id: JVNVU94678942

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009884

Trust: 1.4

db: CNNVD, id: CNNVD-201910-190

Trust: 0.7

db: CNVD, id: CNVD-2019-44987

Trust: 0.6

db: VULHUB, id: VHN-157450

Trust: 0.1

sources: CNVD: CNVD-2019-44987 // VULHUB: VHN-157450 // JVNDB: JVNDB-2019-009884 // CNNVD: CNNVD-201910-190 // NVD: CVE-2019-6015

REFERENCES

url: http://jvn.jp/en/vu/jvnvu94678942/index.html

Trust: 2.5

url: https://fonjapan.zendesk.com/hc/ja/articles/360000558942

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6015

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6015

Trust: 0.8

url: https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-009884.html

Trust: 0.6

sources: CNVD: CNVD-2019-44987 // VULHUB: VHN-157450 // JVNDB: JVNDB-2019-009884 // CNNVD: CNNVD-201910-190 // NVD: CVE-2019-6015

SOURCES

db: CNVD, id: CNVD-2019-44987
db: VULHUB, id: VHN-157450
db: JVNDB, id: JVNDB-2019-009884
db: CNNVD, id: CNNVD-201910-190
db: NVD, id: CVE-2019-6015

LAST UPDATE DATE

2024-11-23T21:59:40.559000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-44987, date: 2019-12-12T00:00:00
db: VULHUB, id: VHN-157450, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-009884, date: 2019-12-27T00:00:00
db: CNNVD, id: CNNVD-201910-190, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-6015, date: 2024-11-21T04:45:55.100

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-44987, date: 2019-12-12T00:00:00
db: VULHUB, id: VHN-157450, date: 2019-10-04T00:00:00
db: JVNDB, id: JVNDB-2019-009884, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201910-190, date: 2019-10-04T00:00:00
db: NVD, id: CVE-2019-6015, date: 2019-10-04T19:15:10.400