[Japanese]

JVNDB-2016-000109

CG-WLR300GNV Series does not limit authentication attempts

Overview

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.

Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Corega Inc
  • CG-WLR300GNV
  • CG-WLR300GNV-W

Impact

An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network.
Solution

[Apply a Workaround]
The following workaround will mitigate this vulnerability.

* Disable the WPS functionality
Vendor Information

Corega Inc
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2016-4824
References

  1. JVN : JVN#75028871
  2. National Vulnerability Database (NVD) : CVE-2016-4824
Revision History

  • [2016/06/22]
      Web page was published
    [2016/06/29]
      References : Content was added