Last Modified: Fri, 18 Oct 2024 19:04:44 +0000 ; Created: Fri, 18 Oct 2024 19:04:44 +0000
The Calix GigaSpire (and possibly other models) transmits credentials for Dynamic DNS services over the WAN interface in clear text. This is done despite an encrypted alternative being available from the Dynamic DNS services.
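To confirm whether a device exposes its Dynamic DNS credentials this way, a TCP payload captured on the WAN side can be checked for a plaintext HTTP request carrying Basic credentials. The following is an added example, not part of the original advisory or vendor code; the sample payloads are constructed, and the `/nic/update` path with Basic authentication is an assumed dyndns2-style request format rather than something the advisory states.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qs

# Constructed sample payloads (not captured from a real device). The
# /nic/update path and Basic auth follow the common dyndns2 convention,
# which is an assumption about what the router sends.
CLEARTEXT_UPDATE = (
    b"GET /nic/update?hostname=home.example.net&myip=203.0.113.7 HTTP/1.1\r\n"
    b"Host: update.dyndns.org\r\n"
    b"Authorization: Basic " + base64.b64encode(b"exampleuser:examplepass") + b"\r\n"
    b"User-Agent: constructed-sample\r\n\r\n"
)
TLS_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"


def audit_wan_payload(payload: bytes):
    """Return a finding dict if the payload is a plaintext HTTP request
    carrying Basic credentials, else None. The password is never returned."""
    if payload[:2] == b"\x16\x03":           # TLS handshake record: encrypted
        return None
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                           # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                           # malformed credential blob
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    url = urlsplit(parts[1])
    return {
        "host": headers.get("host", ""),
        "path": url.path,
        "hostname_param": parse_qs(url.query).get("hostname", [""])[0],
        "username": user,
        "password_length": len(password),    # redacted: length only
    }
```

A non-`None` result for traffic leaving the WAN port means the credentials are readable by anyone on the path; a payload that starts with a TLS record yields `None`.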
Remediation Recommendation
The vendor does not provide any way to force the use of HTTPS/TLS. The service dyndns.org offers a working, encrypted (TLS) service at https://update.dyndns.org. A workaround is to not use the Calix router for dynamic DNS updates but instead another client on the LAN.

CVSS v3.1 scores:
CVSS Base Score: 6.1
CVSS Temporal Score: 6.0
Overall CVSS Score: 5.3
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L/E:F/RL:U/RC:C/CR:M/IR:M/AR:L/MAV:A/MAC:L/MPR:N/MUI:N/MS:C/MC:N/MI:L/MA:L&version=3.1

Timeline