Japan Vulnerability NotesJVN:96052093JVN#96052093: ETX-R vulnerable to denial-of-service (DoS)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
73.5%
ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability.
Impact
A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally.
Solution
Apply a Workaround
The following workarounds may mitigate the affects of this vulnerability.
- Enable the option “Disable WAN side ping reply”
According to the developer, the option “Disable WAN side ping reply” is enabled by default.
Note that these workarounds above do not prevent access from local networks.
Products Affected
- ETX-R
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
73.5%