Alphion ASEE Series Routers Default DNS Suffix Misconfiguration Vulnerability

Vulnerability

A vulnerability exists in Alphion Subscriber End Equipment Model ASEE series optical network terminals running Firmware v0.4.H.00.02.15. The issue arises from a misconfiguration that sets a previously unregistered domain name as the default DNS suffix. This flaw enables attackers to register the unclaimed domain, direct its wildcard DNS entry to an attacker-controlled IP address, and potentially intercept sensitive end-user network traffic.

Impact

Exploitation of this vulnerability could lead to interception and unauthorized access to sensitive network traffic from end users.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Alphion ASEE Series Routers Default DNS Suffix Misconfiguration Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating