VAR-201512-0089
Vulnerability from variot - Updated: 2025-04-13 23:03Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Supplementary information : CWE Vulnerability type by CWE-331: Insufficient Entropy ( Lack of entropy ) Has been identified. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker can exploit this vulnerability to forge response information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r10000",
"scope": "eq",
"trust": 1.6,
"vendor": "ampedwireless",
"version": "2.5.2.11"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amped",
"version": null
},
{
"model": "wireless r10000",
"scope": null,
"trust": 0.8,
"vendor": "amped",
"version": null
},
{
"model": "wireless r10000",
"scope": "eq",
"trust": 0.8,
"vendor": "amped",
"version": "2.5.2.11"
},
{
"model": "wireless r10000 devices with",
"scope": "eq",
"trust": 0.6,
"vendor": "amped",
"version": "2.5.2.11"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ampedwireless:r10000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ampedwireless:r10000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "78818"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7279",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00147",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-85240",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7279",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7279",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00147",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85240",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "VULHUB",
"id": "VHN-85240"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Supplementary information : CWE Vulnerability type by CWE-331: Insufficient Entropy ( Lack of entropy ) Has been identified. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. \nAn attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker\u0027s behalf using a victim\u0027s currently active session. A remote attacker can exploit this vulnerability to forge response information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7279"
},
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "VULHUB",
"id": "VHN-85240"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763576",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-7279",
"trust": 3.4
},
{
"db": "BID",
"id": "78818",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU99863047",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00147",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85240",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "VULHUB",
"id": "VHN-85240"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"id": "VAR-201512-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "VULHUB",
"id": "VHN-85240"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00147"
}
]
},
"last_update_date": "2025-04-13T23:03:36.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "High Power Wireless-N 600mW Smart Router R10000",
"trust": 0.8,
"url": "http://www.ampedwireless.com/products/r10000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/763576"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78818"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7279"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99863047/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7279"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "VULHUB",
"id": "VHN-85240"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"db": "VULHUB",
"id": "VHN-85240"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#763576"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-85240"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78818"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"date": "2015-12-31T05:59:21.337000",
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#763576"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00147"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85240"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78818"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006586"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-318"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amped Wireless R10000 router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-318"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…