CVE-2019-6015

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
fonfon2601e-se_firmware
𝑥
≤ 1.1.7
fonfon2601e-re_firmware
𝑥
≤ 1.1.7
fonfon2601e-fsw-s_firmware
𝑥
≤ 1.1.7
fonfon2601e-fsw-b_firmware
𝑥
≤ 1.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/vu/JVNVU94678942/index.html
https://fonjapan.zendesk.com/hc/ja/articles/360000558942
http://jvn.jp/en/vu/JVNVU94678942/index.html
https://fonjapan.zendesk.com/hc/ja/articles/360000558942