R10000 Firmware
CVE-2015-7279
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
AnalysisAI
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Affected products include: Ampedwireless R10000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in R10000 Firmware
View allThe web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote at
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today