Vulnerability in D-Link DWR-932B Router WPS PIN Generation
CVE-2016-10180

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dwr-932b Firmware
Vendor: CVE Published:; 30 January 2017

What is CVE-2016-10180?

A vulnerability was identified in the D-Link DWR-932B router related to the WPS PIN generation process. The router's method for generating the WPS PIN relies on a predictable random number generator, specifically using srand(time(0)) for seeding. This flaw can potentially allow an attacker to exploit the predictability of the PIN generation, posing significant risks to the security of the network. Users are encouraged to review potential workarounds and security measures to mitigate the risk associated with this vulnerability.

References

https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932...

x_refsource_MISC

http://www.securityfocus.com/bid/95877

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2017
Vulnerability Reserved
Jan 29, 2017