{"api_version":"1","generated_at":"2026-04-23T09:50:55+00:00","cve":"CVE-2015-8263","urls":{"html":"https://cve.report/CVE-2015-8263","api":"https://cve.report/api/cve/CVE-2015-8263.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-8263","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-8263"},"summary":{"title":"CVE-2015-8263","description":"NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2015-12-27 03:59:00","updated_at":"2016-11-28 19:46:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.kb.cert.org/vuls/id/403568","name":"VU#403568","refsource":"CERT-VN","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#403568 - Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/78873","name":"78873","refsource":"BID","tags":[],"title":"Netgear G54/N150 WNR1000v3 Router CVE-2015-8263 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-8263","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8263","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"8263","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netgear","cpe5":"wnr1000v3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8263","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netgear","cpe5":"wnr1000v3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8263","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netgear","cpe5":"wnr1000v3_firmware","cpe6":"1.0.2.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8263","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netgear","cpe5":"wnr1000v3_firmware","cpe6":"1.0.2.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2015-8263","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"78873","refsource":"BID","url":"http://www.securityfocus.com/bid/78873"},{"name":"VU#403568","refsource":"CERT-VN","url":"https://www.kb.cert.org/vuls/id/403568"}]}},"nvd":{"publishedDate":"2015-12-27 03:59:00","lastModifiedDate":"2016-11-28 19:46:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.6,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netgear:wnr1000v3_firmware:1.0.2.68:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:netgear:wnr1000v3:*:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"8263","Ordinal":"85280","Title":"CVE-2015-8263","CVE":"CVE-2015-8263","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"8263","Ordinal":"1","NoteData":"NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"8263","Ordinal":"2","NoteData":"2015-12-26","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"8263","Ordinal":"3","NoteData":"2016-11-25","Type":"Other","Title":"Modified"}]}}}