CVE-2015-8262 — MEDIUM (6.8)

Vulnerability Description

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Buffalotech	Airstation Extreme N600 Firmware	2.09
Buffalotech	Airstation Extreme N600	All versions

References

http://www.securityfocus.com/bid/78877
https://www.kb.cert.org/vuls/id/646008Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/78877
https://www.kb.cert.org/vuls/id/646008Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-8262?

CVE-2015-8262 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof re...

How severe is CVE-2015-8262?

CVE-2015-8262 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8262?

Check the references section above for vendor advisories and patch information. Affected products include: Buffalotech Airstation Extreme N600 Firmware, Buffalotech Airstation Extreme N600.