ID
VAR-201406-0502
TITLE
Multiple Sitecom Products Admin Password Key Security Restriction Bypass Vulnerability
Trust: 0.6
DESCRIPTION
SITECOM WLR-4000/ WLR-4004 is a router. Multiple Sitecom products have an Admin cryptographic key security restriction bypass vulnerability, as the device generates a predictive way of managing passwords and WPA2 passphrases. Allows remote attackers to more easily obtain this information, allowing them to potentially access the device. This may lead to other attacks. The following products are vulnerable: Sitecom WLR-4000 v1 001 Sitecom WLR-4004 v1 001
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | sitecom | model: | wlr-4004 | scope: | eq | version: | 1.23 | Trust: 0.6 |
| vendor: | sitecom | model: | wlr-4000 | scope: | eq | version: | 1.23 | Trust: 0.6 |
| vendor: | sitecom | model: | wlr-4004 | scope: | eq | version: | v10010 | Trust: 0.3 |
| vendor: | sitecom | model: | wlr-4000 | scope: | eq | version: | v10010 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
local
Trust: 0.3
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 67717 | Trust: 0.9 |
| db: | OSVDB | id: | 107558 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-03891 | Trust: 0.6 |
REFERENCES
| url: | http://www.osvdb.com/107558 | Trust: 0.6 |
| url: | http://www.sitecom.com | Trust: 0.3 |
| url: | http://blog.emaze.net/2014/04/sitecom-firmware-and-wifi.html | Trust: 0.3 |
CREDITS
Roberto Paleari and Alessandro Di Pinto
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-03891 |
| db: | BID | id: | 67717 |
LAST UPDATE DATE
2022-05-17T01:47:58.899000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-03891 | date: | 2014-06-26T00:00:00 |
| db: | BID | id: | 67717 | date: | 2014-04-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-03891 | date: | 2014-06-26T00:00:00 |
| db: | BID | id: | 67717 | date: | 2014-04-24T00:00:00 |