Sign-up

ID

VAR-201606-0182


CVE

CVE-2016-4824


TITLE

CG-WLR300GNV Series does not limit authentication attempts

Trust: 0.8

sources: JVNDB: JVNDB-2016-000109

DESCRIPTION

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. A permission acquisition vulnerability exists in CoregaCG-WLR300GNV and CG-WLR300GNV-W due to the failure of the program to limit the number of authentication requests. CG-WLR300GNV Series routers are prone to an information-disclosure vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible

Trust: 2.52

sources: NVD: CVE-2016-4824 // JVNDB: JVNDB-2016-000109 // CNVD: CNVD-2016-04288 // BID: 91351 // VULHUB: VHN-93643

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04288

AFFECTED PRODUCTS

vendor:coregamodel:cg-wlr300gnv-wscope:eqversion: -

Trust: 1.6

vendor:coregamodel:cg-wlr300gnvscope:eqversion: -

Trust: 1.6

vendor:coregamodel:cg-wlr300gnv-wscope: - version: -

Trust: 1.4

vendor:coregamodel:cg-wlr300gnvscope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2016-04288 // JVNDB: JVNDB-2016-000109 // CNNVD: CNNVD-201606-506 // NVD: CVE-2016-4824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4824
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000109
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-04288
value: LOW

Trust: 0.6

CNNVD: CNNVD-201606-506
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93643
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4824
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000109
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-04288
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93643
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4824
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000109
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04288 // VULHUB: VHN-93643 // JVNDB: JVNDB-2016-000109 // CNNVD: CNNVD-201606-506 // NVD: CVE-2016-4824

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-287

Trust: 0.8

sources: VULHUB: VHN-93643 // JVNDB: JVNDB-2016-000109 // NVD: CVE-2016-4824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-506

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-000109

PATCH
title:About vulnerability that does not limit authentication attemptsurl:http://corega.jp/support/security/20160622_wlr300gnv.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-000109

EXTERNAL IDS
db:NVDid:CVE-2016-4824
Trust: 3.4
db:JVNDBid:JVNDB-2016-000109
Trust: 3.1
db:JVNid:JVN75028871
Trust: 3.1
db:CNNVDid:CNNVD-201606-506
Trust: 0.7
db:CNVDid:CNVD-2016-04288
Trust: 0.6
db:BIDid:91351
Trust: 0.4
db:VULHUBid:VHN-93643
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-04288 // 
            
            
            
            VULHUB: VHN-93643 // 
            
            
            
            BID: 91351 // 
            
            
            
            JVNDB: JVNDB-2016-000109 // 
            
            
            
            CNNVD: CNNVD-201606-506 // 
            
            
            
            NVD: CVE-2016-4824

REFERENCES
url:http://jvn.jp/en/jp/jvn75028871/index.html
Trust: 3.1
url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000109
Trust: 2.3
url:http://corega.jp/support/security/20160622_wlr300gnv.htm
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4824
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4824
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-04288 // 
            
            
            
            VULHUB: VHN-93643 // 
            
            
            
            JVNDB: JVNDB-2016-000109 // 
            
            
            
            CNNVD: CNNVD-201606-506 // 
            
            
            
            NVD: CVE-2016-4824

CREDITS
Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201606-506

SOURCES
db:CNVDid:CNVD-2016-04288
db:VULHUBid:VHN-93643
db:BIDid:91351
db:JVNDBid:JVNDB-2016-000109
db:CNNVDid:CNNVD-201606-506
db:NVDid:CVE-2016-4824

LAST UPDATE DATE
2025-04-13T23:41:17.833000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04288date:2016-06-24T00:00:00
db:VULHUBid:VHN-93643date:2016-06-28T00:00:00
db:BIDid:91351date:2016-06-22T00:00:00
db:JVNDBid:JVNDB-2016-000109date:2016-06-29T00:00:00
db:CNNVDid:CNNVD-201606-506date:2016-06-27T00:00:00
db:NVDid:CVE-2016-4824date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-04288date:2016-06-24T00:00:00
db:VULHUBid:VHN-93643date:2016-06-25T00:00:00
db:BIDid:91351date:2016-06-22T00:00:00
db:JVNDBid:JVNDB-2016-000109date:2016-06-22T00:00:00
db:CNNVDid:CNNVD-201606-506date:2016-06-23T00:00:00
db:NVDid:CVE-2016-4824date:2016-06-25T21:59:06.517