Vulnerability Note VU#167992
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries.
CWE-255: Credentials Management - CVE-2015-7280
The ReadyNet WRT300N-DD Wireless Router web administration interface uses non-random default credentials of admin:admin. A local area network attacker can gain privileged access to a vulnerable device's web management interfaces or leverage default credentials in remote attacks such as cross-site request forgery.
A remote, unauthenticated attacker may be able to spoof DNS responses to cause WRT300N-DD LAN clients to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request. A local area network attacker can take complete control of a device using default admin credentials.
The CERT/CC is currently unaware of a practical solution to this problem. Until these vulnerabilities are addressed, users should consider the following workarounds.
Restrict access and use strong passwords
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|ReadyNet||Affected||15 Sep 2015||10 Dec 2015|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.
- CVE IDs: CVE-2015-7280 CVE-2015-7281 CVE-2015-7282
- Date Public: 10 Dec 2015
- Date First Published: 10 Dec 2015
- Date Last Updated: 10 Dec 2015
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.