Vulnerabilities > CVE-2015-7279 - Cross-Site Request Forgery vulnerability in Ampedwireless R10000 Firmware 2.5.2.11

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
ampedwireless

Summary

Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>

Vulnerable Configurations

Part Description Count
OS
Ampedwireless
1
Hardware
Ampedwireless
1