VAR-201512-0092
Vulnerability from variot - Updated: 2025-04-13 23:09ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. ReadyNetWRT300N-DDdeviceswithfirmware is a wireless router product from ReadyNet, New Zealand. There is a spoofing vulnerability in ReadyNetWRT300N-DDdeviceswithfirmware1.0.26. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker can exploit this vulnerability to forge response information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt300n-dd",
"scope": "eq",
"trust": 2.4,
"vendor": "readynet",
"version": "1.0.26"
},
{
"model": "wrt300n-dd",
"scope": "eq",
"trust": 1.0,
"vendor": "readynet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "readynet",
"version": null
},
{
"model": "wrt300n-dd",
"scope": null,
"trust": 0.8,
"vendor": "readynet",
"version": null
},
{
"model": "wrt300n-dd devices with",
"scope": "eq",
"trust": 0.6,
"vendor": "readynet",
"version": "1.0.26"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#167992"
},
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:readynet_solutions:wrt300n-dd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:readynet_solutions:wrt300n-dd_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "78814"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7282",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00149",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-85243",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7282",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7282",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7282",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-321",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85243",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "VULHUB",
"id": "VHN-85243"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. ReadyNetWRT300N-DDdeviceswithfirmware is a wireless router product from ReadyNet, New Zealand. There is a spoofing vulnerability in ReadyNetWRT300N-DDdeviceswithfirmware1.0.26. \nAn attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker\u0027s behalf using a victim\u0027s currently active session. A remote attacker can exploit this vulnerability to forge response information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7282"
},
{
"db": "CERT/CC",
"id": "VU#167992"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "BID",
"id": "78814"
},
{
"db": "VULHUB",
"id": "VHN-85243"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#167992",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-7282",
"trust": 3.4
},
{
"db": "BID",
"id": "78814",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU91495836",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00149",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85243",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#167992"
},
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "VULHUB",
"id": "VHN-85243"
},
{
"db": "BID",
"id": "78814"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"id": "VAR-201512-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "VULHUB",
"id": "VHN-85243"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00149"
}
]
},
"last_update_date": "2025-04-13T23:09:43.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WRT300N-DD WIRELESS ROUTER",
"trust": 0.8,
"url": "http://www.readynetsolutions.com/products/wrt300n-dd-wireless-router/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85243"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/167992"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78814"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7282"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91495836/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7282"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#167992"
},
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "VULHUB",
"id": "VHN-85243"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#167992"
},
{
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"db": "VULHUB",
"id": "VHN-85243"
},
{
"db": "BID",
"id": "78814"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#167992"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-85243"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78814"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"date": "2015-12-31T05:59:24.340000",
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#167992"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00149"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85243"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78814"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006573"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-321"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7282"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#167992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-321"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…