Executive Summary
Summary | |
---|---|
Title | D-Link DIR-685 Xtreme N storage router WPA/WPA2 encryption failure |
Informations | |||
---|---|---|---|
Name | VU#924307 | First vendor Publication | 2011-10-10 |
Vendor | VU-CERT | Last vendor Modification | 2011-10-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#924307D-Link DIR-685 Xtreme N storage router WPA/WPA2 encryption failureOverviewThe D-Link DIR-685 Xtreme N storage router is reported to fail open to an unencrypted wireless connection during heavy network load.I. DescriptionThe D-Link DIR-685 Xtreme N storage router when configured with WPA/WPA2 and an AES cipher with a pre-shared key (PSK) will fail to an open unencrypted wireless connection during heavy network load, such as, the transfer of several gigabytes of data. The router's wireless connection will remain in an open unencrypted state until the device is rebooted.II. ImpactAn attacker within physical range of the wireless router may be able to connect to the router's network without having to authenticate and then sniff traffic and also use the victim's Internet connection to launch other attacks.III. SolutionWe are currently unaware of a practical solution to this problem.Vendor Information
Referenceshttp://www.dlink.com/products/?pid=DIR-685&tab=3 Thanks to Jerry Decime for reporting this vulnerability. This document was written by Jared Allar.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/924307 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77433 | D-Link DIR-685 Router Network Traffic Transfer Encryption Weakness Wi-Fi Remo... |