5.9

CVE-2020-15023

Exploit

EPSS 0.34%
Veröffentlicht 11.12.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:04:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Askey ≫ Ap5100w Firmware Version <= 1.01.097

Askey ≫ Ap5100w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.559

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d

Third Party Advisory

Exploit

https://www.askey.com.tw/incident_report_notifications.html

Vendor Advisory

https://www.askey.com.tw/Products/wifi.html

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2020-15023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15023

EUVD