CVE-2017-10874

PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks...

CVE-2017-10874

PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks...

CVE-2017-10874

The CVE-2017-10874 issue affects PWR-Q200, a mobile WiFi router by NTT East. The root cause is that DNS queries are sent with fixed (non-random) source ports (CWE-330), enabling remote attackers to perform DNS cache poisoning. Impact stated in sources: spoofed DNS responses could mislead devices ...

DNS Cache Poisoning Attack Vulnerability in NIPPON TELEGRAPH AND TELEPHONE EAST PWR-Q200

NIPPON TELEGRAPH AND TELEPHONE EAST PWR-Q200 is a removable wireless router from NIPPON TELEGRAPH AND TELEPHONE EAST, Japan. A DNS cache poisoning attack vulnerability exists in the NIPPON TELEGRAPH AND TELEPHONE EAST PWR-Q200, which originates from the program's failure to use a random value for...

PWR-Q200 vulnerable to DNS cache poisoning attacks

Overview PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Toshifumi Sakaguchi reported this vulnerability to IPA. JPCERT/CC coordinated with...

JVN#73141967: PWR-Q200 vulnerable to DNS cache poisoning attacks

PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Impact The DNS responses spoofed by a remote attacker may result in any device on the LAN...