CVE-2019-6015

HIGH

FON2601E-SE/RE/FSW-S/FSW-B < 1.1.7 - Uncontrolled Resource Consumption via Open DNS Resolver

Title source: llm
STIX 2.1

Description

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://fonjapan.zendesk.com/hc/ja/articles/360000558942
Third Party Advisory x_refsource_misc
http://jvn.jp/en/vu/JVNVU94678942/index.html

Scores

CVSS v3 7.5
EPSS 0.0161
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (4)
fon/fon2601e-fsw-b_firmware < 1.1.7
fon/fon2601e-fsw-s_firmware < 1.1.7
fon/fon2601e-re_firmware < 1.1.7
fon/fon2601e-se_firmware < 1.1.7
Published Oct 04, 2019
Tracked Since Feb 18, 2026