Details of VAR-201512-0331

ID

VAR-201512-0331

CVE

CVE-2015-8263

TITLE

Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries

Trust: 0.8

sources: CERT/CC: VU#403568

DESCRIPTION

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. Netgear Wireless provided by LAN Router WNR1000v3 Has the problem of using insufficient random values. The attacker DNS By spoofing, LAN It is possible to guide the terminal inside to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.htmlBy a remote attacker DNS The response is forged, LAN May be directed to a malicious server. The Netgear G54/N150 WNR1000v3 has a security bypass vulnerability that allows remote attackers to exploit this vulnerability to bypass security restrictions and gain unauthorized access. This may aid in further attacks. The following products are vulnerable: Netgear G54 WNR1000v3 running firmware version 1.0.2.68 and prior. Netgear N150 WNR1000v3 running firmware version 1.0.2.68 and prior

Trust: 3.24

sources: NVD: CVE-2015-8263 // CERT/CC: VU#403568 // JVNDB: JVNDB-2015-006310 // CNVD: CNVD-2015-08420 // BID: 78873 // VULHUB: VHN-86224

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08420

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr1000v3	scope:	eq	version:	1.0.2.68	Trust: 1.6
vendor:	netgear	model:	wnr1000v3	scope:	eq	version:	*	Trust: 1.0
vendor:	netgear	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	wnr1000v3	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	wnr1000v3	scope:	eq	version:	version 1.0.2.68	Trust: 0.8
vendor:	netgear	model:	g54/n150 wnr1000v3 router	scope:	lte	version:	<=1.0.2.68	Trust: 0.6

sources: CERT/CC: VU#403568 // CNVD: CNVD-2015-08420 // JVNDB: JVNDB-2015-006310 // CNNVD: CNNVD-201512-413 // NVD: CVE-2015-8263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8263
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-8263
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2015-006310
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-08420
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-413
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-86224
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-8263
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2015-8263
severity:	MEDIUM
baseScore:	5.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2015-006310
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2015-08420
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-86224
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8263
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0

sources: CERT/CC: VU#403568 // CNVD: CNVD-2015-08420 // VULHUB: VHN-86224 // JVNDB: JVNDB-2015-006310 // CNNVD: CNNVD-201512-413 // NVD: CVE-2015-8263

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-006310 // NVD: CVE-2015-8263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-413

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201512-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006310

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#403568

PATCH

title:

WNR1000v3

url:

http://support.netgear.com/product/WNR1000v3

Trust: 0.8

sources: JVNDB: JVNDB-2015-006310

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8263	Trust: 3.4
db:	CERT/CC	id:	VU#403568	Trust: 3.3
db:	BID	id:	78873	Trust: 2.6
db:	JVN	id:	JVNVU95026985	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006310	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-413	Trust: 0.7
db:	CNVD	id:	CNVD-2015-08420	Trust: 0.6
db:	SEEBUG	id:	SSVID-90179	Trust: 0.1
db:	VULHUB	id:	VHN-86224	Trust: 0.1

sources: CERT/CC: VU#403568 // CNVD: CNVD-2015-08420 // VULHUB: VHN-86224 // BID: 78873 // JVNDB: JVNDB-2015-006310 // CNNVD: CNNVD-201512-413 // NVD: CVE-2015-8263

REFERENCES

url:	https://www.kb.cert.org/vuls/id/403568	Trust: 2.5
url:	http://www.securityfocus.com/bid/78873	Trust: 2.3
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8263	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95026985/index.html	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8263	Trust: 0.8
url:	http://www.netgear.com	Trust: 0.3

sources: CERT/CC: VU#403568 // CNVD: CNVD-2015-08420 // VULHUB: VHN-86224 // BID: 78873 // JVNDB: JVNDB-2015-006310 // CNNVD: CNNVD-201512-413 // NVD: CVE-2015-8263

CREDITS

Joel Land of the CERT/CC

Trust: 0.9

sources: BID: 78873 // CNNVD: CNNVD-201512-413

SOURCES

db:	CERT/CC	id:	VU#403568
db:	CNVD	id:	CNVD-2015-08420
db:	VULHUB	id:	VHN-86224
db:	BID	id:	78873
db:	JVNDB	id:	JVNDB-2015-006310
db:	CNNVD	id:	CNNVD-201512-413
db:	NVD	id:	CVE-2015-8263

LAST UPDATE DATE

2024-11-23T22:22:48.469000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#403568	date:	2015-12-10T00:00:00
db:	CNVD	id:	CNVD-2015-08420	date:	2015-12-23T00:00:00
db:	VULHUB	id:	VHN-86224	date:	2016-11-28T00:00:00
db:	BID	id:	78873	date:	2016-01-12T02:04:00
db:	JVNDB	id:	JVNDB-2015-006310	date:	2016-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201512-413	date:	2015-12-28T00:00:00
db:	NVD	id:	CVE-2015-8263	date:	2024-11-21T02:38:12.073

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#403568	date:	2015-12-10T00:00:00
db:	CNVD	id:	CNVD-2015-08420	date:	2015-12-23T00:00:00
db:	VULHUB	id:	VHN-86224	date:	2015-12-27T00:00:00
db:	BID	id:	78873	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006310	date:	2015-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201512-413	date:	2015-12-15T00:00:00
db:	NVD	id:	CVE-2015-8263	date:	2015-12-27T03:59:05.863