PT-2015-3212 · Belkin · Belkin F9K1102

Joel Land

Published

2015-12-31

Updated

2015-12-31

CVE-2015-5987

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Belkin F9K1102 version 2.10.17

Description The issue exists due to the use of an improper algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by predicting the value of this variable, ID.

Recommendations For Belkin F9K1102 version 2.10.17, consider updating the firmware to a version that uses a proper algorithm for selecting the ID value in the DNS query header, as a temporary workaround, restrict access to the DNS query functionality to minimize the risk of exploitation.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

BDU:2016-00932

CVE-2015-5987

Affected Products

Belkin F9K1102

PT-2015-3212 · Belkin · Belkin F9K1102

CVE-2015-5987

Weakness Enumeration

Related Identifiers

Affected Products

References · 3