WPA2 Security Flaw in Arris SBG6580 Devices
CVE-2024-25729

Currently unrated

Key Information:

Vendor: Arris
Status: SBG6580
Vendor: CVE Published:; 8 March 2024

What is CVE-2024-25729?

Arris SBG6580 devices expose a vulnerability due to predictable default WPA2 security passwords. This issue arises because the passwords are derived from the first six characters of the SSID combined with the last six characters of the BSSID, with a decrement applied to the final octet. This predictability can be exploited, potentially allowing unauthorized users to gain remote access to the network.

References

https://i.ebayimg.com/images/g/DhoAAOSwx0FbhhcN/s-l1600.jpg

https://i.ebayimg.com/images/g/z2oAAOSwO1pbQ9BS/s-l1600.jpg

https://github.com/actuator/cve/blob/main/Arris/SBG6580.png

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2024