Vulnerability Note VU#763576
Amped Wireless R10000 router contains multiple vulnerabilities
Amped Wireless R10000 router, firmware version 18.104.22.168, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries.
CWE-255: Credentials Management - CVE-2015-7277
The Amped Wireless R10000 web administration interface uses non-random default credentials of admin:admin. A local area network attacker can gain privileged access to a vulnerable device's web management interfaces or leverage default credentials in remote attacks such as cross-site request forgery.
A remote, unauthenticated attacker may be able to spoof DNS responses to cause R10000 LAN clients to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request. A local area network attacker can take complete control of a device using default admin credentials.
The CERT/CC is currently unaware of a practical solution to this problem. Until these vulnerabilities are addressed, users should consider the following workarounds.
Restrict access and use strong passwords
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Amped Wireless||Affected||01 Jul 2015||12 Nov 2015|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.
- CVE IDs: CVE-2015-7277 CVE-2015-7278 CVE-2015-7279
- Date Public: 10 Dec 2015
- Date First Published: 10 Dec 2015
- Date Last Updated: 10 Dec 2015
- Document Revision: 28
If you have feedback, comments, or additional information about this vulnerability, please send us email.