JVN#51250073: CG-WLNCM4G may behave as an open resolver

2015-12-25T00:00:00
ID JVN:51250073
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-12-25T00:00:00

Description

## Description

CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver.

## Impact

The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack.

## Solution

Do not use CG-WLNCM4G
As of December 25, 2015, there are no practical solutions to this issue.
It is recommended to stop using CG-WLNCM4G according to the information provided by the developer.

According to the developer, the following products are not affected by this issue.

  • CG-NCBU031A
  • CG-NCVD031A
  • CG-NCDO011A
  • CG-NCPFE011A
  • CG-NCPVD032A Apply a Workaround
    The following workaround may mitigate the affects of this issue.

  • Restrict access to the product from the internet, through router settings or other functions

## Products Affected

  • CG-WLNCM4G