CVE-2024-23726

Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
References
Configurations

Configuration 1

AND
cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*

History

29 Jan 2024, 15:25

  • CPE
      Values Removed: (none)
      Values Added: cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*, cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
  • References
      Values Removed: () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md -
      Values Added: () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - Third Party Advisory
  • CWE
      Values Removed: (none)
      Values Added: CWE-798
  • First Time
      Values Removed: (none)
      Values Added: Ubeeinteractive ddw365 Firmware, Ubeeinteractive, Ubeeinteractive ddw365
  • CVSS
      Values Removed: v2 : unknown, v3 : unknown
      Values Added: v2 : unknown, v3 : 8.8

24 Jan 2024, 07:15

  • Summary
      Values Removed: (en) Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
      Values Added: (en) Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

22 Jan 2024, 14:01

  • Summary
      Values Removed: (none)
      Values Added: (es) Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (near a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

21 Jan 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-21 04:15

Updated : 2024-01-29 15:25


NVD link : CVE-2024-23726

Mitre link : CVE-2024-23726

CVE.ORG link : CVE-2024-23726



Products Affected

ubeeinteractive

  • ddw365
  • ddw365_firmware

CWE

CWE-798: Use of Hard-coded Credentials