PT-2015-3212 · Belkin · Belkin F9K1102
Joel Land
·
Publicado
2015-12-31
·
Atualizado
2015-12-31
·
CVE-2015-5987
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Belkin F9K1102 version 2.10.17
Description
The issue exists due to the use of an improper algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by predicting the value of this variable,
ID.Recommendations
For Belkin F9K1102 version 2.10.17, consider updating the firmware to a version that uses a proper algorithm for selecting the ID value in the DNS query header, as a temporary workaround, restrict access to the DNS query functionality to minimize the risk of exploitation.
Correção
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Belkin F9K1102