Executive Summary

Summary
Title: D-Link DIR-685 Xtreme N storage router WPA/WPA2 encryption failure
Information
Name: VU#924307
First vendor Publication: 2011-10-10
Vendor: VU-CERT
Last vendor Modification: 2011-10-10
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#924307

D-Link DIR-685 Xtreme N storage router WPA/WPA2 encryption failure

Overview

The D-Link DIR-685 Xtreme N storage router is reported to fail open to an unencrypted wireless connection during heavy network load.

I. Description

The D-Link DIR-685 Xtreme N storage router, when configured with WPA/WPA2 and an AES cipher with a pre-shared key (PSK), will fail to an open, unencrypted wireless connection during heavy network load, such as the transfer of several gigabytes of data. The router's wireless connection will remain in an open, unencrypted state until the device is rebooted.

II. Impact

An attacker within physical range of the wireless router may be able to connect to the router's network without having to authenticate, and then sniff traffic and use the victim's Internet connection to launch other attacks.

III. Solution

We are currently unaware of a practical solution to this problem.

Vendor Information

Vendor | Status | Date Notified | Date Updated
D-Link Systems, Inc. | Affected | 2011-08-29 | 2011-10-10

References

http://www.dlink.com/products/?pid=DIR-685&tab=3

Credit

Thanks to Jerry Decime for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public: 2011-10-10
Date First Published: 2011-10-10
Date Last Updated: 2011-10-10
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 0.60
Document Revision: 10

Original Source

Url: http://www.kb.cert.org/vuls/id/924307

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-310 | Cryptographic Issues

CPE : Common Platform Enumeration

Type | Description | Count
Hardware | | 1

Open Source Vulnerability Database (OSVDB)

Id | Description
77433 | D-Link DIR-685 Router Network Traffic Transfer Encryption Weakness Wi-Fi Remo...