Details of VAR-201610-0714

ID

VAR-201610-0714

TITLE

\302\240D-Link DWR-932B LET Router WPS System Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-09477

DESCRIPTION

The D-Link DWR-932BLET is a wireless router. The D-LinkDWR-932BLET router WPS system has an unauthorized access vulnerability. Since the WPS system PIN code is hard coded into the /bin/appmgr program, an attacker exploits the vulnerability to access the wireless network using a PIN without the need for a Wi-Fi password.

Trust: 0.6

sources: CNVD: CNVD-2016-09477

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-09477

AFFECTED PRODUCTS

vendor:

d link

model:

d-link dwr-932b

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-09477

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-09477
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-09477
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-09477

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-09477

Trust: 0.6

sources: CNVD: CNVD-2016-09477

REFERENCES

url:

http://thehackernews.com/2016/09/hacking-d-link-wireless-router.html

Trust: 0.6

sources: CNVD: CNVD-2016-09477

SOURCES

db:

CNVD

id:

CNVD-2016-09477

LAST UPDATE DATE

2022-05-04T09:29:48.878000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-09477

date:

2016-10-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-09477

date:

2016-10-18T00:00:00