CVE-2015-7282

{"id": "CVE-2015-7282", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2015-12-31T05:59:24.340", "references": [{"url": "http://www.securityfocus.com/bid/78814", "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/167992", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/78814", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/167992", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port."}, {"lang": "es", "value": "Dispositivos ReadyNet WRT300N-DD con firmware 1.0.26 utilizan el mismo n\u00famero de puerto origen para todas las consulta DNS, lo que hace m\u00e1s f\u00e1cil para atacantes remotos suplantar respuestas seleccionando ese n\u00famero para el puerto destino."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:readynet_solutions:wrt300n-dd_firmware:1.0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F916B9-0067-443F-AB4D-C64ECF93A754"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:readynet_solutions:wrt300n-dd:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75299693-129C-4040-A88E-DC9D4642E178"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}