CVE-2015-8263

{"id": "CVE-2015-8263", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2015-12-27T03:59:05.863", "references": [{"url": "http://www.securityfocus.com/bid/78873", "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/403568", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/78873", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/403568", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port."}, {"lang": "es", "value": "Dispositivos NETGEAR WNR1000v3 con firmware 1.0.2.68 utilizan el mismo n\u00famero de puerto origen para cada consulta DNS, lo que facilita a atacantes remotos suplantar respuestas seleccionando ese n\u00famero para el puerto de destino."}], "lastModified": "2024-11-21T02:38:12.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr1000v3_firmware:1.0.2.68:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73BBD71-D00F-4065-98BA-59222F45DAAD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr1000v3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517FD74D-EBCB-4F96-B765-7DEA40D56685"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/330.html\">CWE-330: Use of Insufficiently Random Values</a>", "sourceIdentifier": "cret@cert.org"}