MidnightBSD

Advisories for readynet_solutions

CVE-2015-7280 HIGH

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
readynet_solutions wrt300n-dd_firmware 1.0.26
CVE-2015-7281 MEDIUM

Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
readynet_solutions wrt300n-dd_firmware 1.0.26
CVE-2015-7282 MEDIUM

ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
readynet_solutions wrt300n-dd -
readynet_solutions wrt300n-dd_firmware 1.0.26