JVN#62507275
Multiple broadband routers may behave as open resolvers
Overview
Multiple broadband routers contain an issue where they may behave as open resolvers.
Products Affected
A wide range of products are affected.
For more information, please refer to the information under "Vendor Status"
Description
A device that runs as a DNS cache server, which responds to any
recursive DNS queries that are received is referred to as an open
resolver.
Multiple broadband routers may contain an issue where they may behave as open resolvers.
Impact
The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack.
Solution
Apply an Update or Change the Settings
Apply the appropriate solution (update, patch, settings change, etc.) according to the information provided by the developer
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | Vulnerable | 2013/09/19 | Internet Initiative Japan Inc. website |
| NEC Corporation | Vulnerable | 2013/09/25 | |
| Shinsei Corporation | Vulnerable | 2013/09/19 | |
| Yamaha Corporation | Vulnerable | 2013/09/19 | Yamaha Corporation website |
| YMIRLINK Inc. | Not Vulnerable | 2013/09/19 | |
| Yokogawa Meters & Instruments Corporation | Not Vulnerable | 2013/09/19 |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.09.19
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC.
In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2013-000087 |
Update History
- 2013/09/19
- NEC Corporation update status
- 2013/09/20
- NEC Corporation update status
- 2013/09/25
- NEC Corporation update status
- 2013/10/30
- Title was fixed.