CVE-2012-4366
low
CVSS v3
—
CVSS v2
3.3
VIR risk
3.3
Description
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
References
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0070.html
- http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/
- http://www.securityfocus.com/bid/56591
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80157
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0070.html
- http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/
- http://www.securityfocus.com/bid/56591
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80157
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.