Vulnerability identifier: #VU70458
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
NBG7510
Hardware solutions /
Routers for home users
Vendor:
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a DNS misconfiguration. A remote non-authenticated attacker can perform DNS-related attacks, such as DNS tunneling or DNS amplification attacks, by using the open DNS resolver when the device is switched to the AP mode.Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dns-misconfiguration-in-nbg7510-home-router
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.