CG-WLR300GNV Series does not limit authentication attempts


CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.

Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Corega Inc
  • CG-WLR300GNV
  • CG-WLR300GNV-W


An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network.

[Apply a Workaround]
The following workaround will mitigate this vulnerability.

* Disable the WPS functionality
Vendor Information

Corega Inc
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2016-4824

  1. JVN : JVN#75028871
  2. National Vulnerability Database (NVD) : CVE-2016-4824
Revision History

  • [2016/06/22]
      Web page was published
      References : Content was added