Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for FON2601E-FSW-S firmware by FON Wireless Limited

jvndb-2019-009884

Vulnerability from jvndb

Published

2019-10-02 10:59

Modified

2019-12-27 18:05

Severity ?

5.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Summary

FON routers may behave as an open resolver

Details

FON routers contain an issue where they may behave as open resolvers. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver". FON routers contain an issue where they may behave as open resolvers. Hideyoshi Okazaki of ARTERIA Networks Corporation reported this vulnerability to JPCERT/CC, and JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU94678942/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6015
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6015

Impacted products

Vendor

Product

	FON Wireless Limited	FON2601E-FSW-S firmware
	FON Wireless Limited	FON2601E-RE firmware
	FON Wireless Limited	FON2601E-SE firmware
	FON Wireless Limited	FON2601E-FSW-B firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-009884.html",
  "dc:date": "2019-12-27T18:05+09:00",
  "dcterms:issued": "2019-10-02T10:59+09:00",
  "dcterms:modified": "2019-12-27T18:05+09:00",
  "description": "FON routers contain an issue where they may behave as open resolvers.\r\n\r\nA device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called \"Open Resolver\".\r\nFON routers contain an issue where they may behave as open resolvers.\r\n\r\nHideyoshi Okazaki of ARTERIA Networks Corporation reported this vulnerability to JPCERT/CC, and JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-009884.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:fon:fon_fon2601e-fsw-s_firmware",
      "@product": "FON2601E-FSW-S firmware",
      "@vendor": "FON Wireless Limited",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fon:fon_fon2601e-re_firmware",
      "@product": "FON2601E-RE firmware",
      "@vendor": "FON Wireless Limited",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fon:fon_fon2601e-se_firmware",
      "@product": "FON2601E-SE firmware",
      "@vendor": "FON Wireless Limited",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fon:fon_fon2601fsw-b_firmware",
      "@product": "FON2601E-FSW-B firmware",
      "@vendor": "FON Wireless Limited",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-009884",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU94678942/index.html",
      "@id": "JVNVU#94678942",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6015",
      "@id": "CVE-2019-6015",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6015",
      "@id": "CVE-2019-6015",
      "@source": "NVD"
    }
  ],
  "title": "FON routers may behave as an open resolver"
}