Japan Vulnerability NotesJVN:51250073JVN#51250073: CG-WLNCM4G may behave as an open resolver
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
71.6%
CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver.
Impact
The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack.
Solution
Do not use CG-WLNCM4G
As of December 25, 2015, there are no practical solutions to this issue.
It is recommended to stop using CG-WLNCM4G according to the information provided by the developer.
According to the developer, the following products are not affected by this issue.
-
CG-NCBU031A
-
CG-NCVD031A
-
CG-NCDO011A
-
CG-NCPFE011A
-
CG-NCPVD032A
Apply a Workaround
The following workaround may mitigate the affects of this issue. -
Restrict access to the product from the internet, through router settings or other functions
Products Affected
- CG-WLNCM4G
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
71.6%