An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.10922
Percentile: 0.93083
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
- CWE-1241: Use of Predictable Algorithm in Random Number Generator
- CWE-330: Use of Insufficiently Random Values
- CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
All CAPEC(s)
- CAPEC-112: Brute Force
- CAPEC-485: Signature Spoofing by Key Recreation
- CAPEC-59: Session Credential Falsification through Prediction
- CAPEC-97: Cryptanalysis
CAPEC(s) with Mapped TTPs
- CAPEC-112: Brute Force
  Mapped TTPs:
- CAPEC-485: Signature Spoofing by Key Recreation
  Mapped TTPs:
Mapped ATT&CK TTPs
- T1110: Brute Force
  Kill Chain: credential-access
- T1552.004: Private Keys
  Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
- Operation Wocao
- SolarWinds Compromise
- 2016 Ukraine Electric Power Attack
- Operation Dream Job
Affected Products
- cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*