CVE-2013-4622 - The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 12345

CVE-2013-4622

Summary

The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

References

http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523
http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf

Vulnerable Configurations

cpe:2.3:h:htc:droid_incredible:-:*:*:*:*:*:*:*
cpe:2.3:h:htc:droid_incredible:-:*:*:*:*:*:*:*
cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*
cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-06-2013 - 13:39)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523
misc	http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf

Last major update

19-06-2013 - 13:39

Published

19-06-2013 - 13:39

Last modified

19-06-2013 - 13:39