CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-FX3C-8PQX-5V4C
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
{
"affected": [],
"aliases": [
"CVE-2017-13082"
],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-17T13:29:00Z",
"severity": "HIGH"
},
"details": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
"id": "GHSA-fx3c-8pqx-5v4c",
"modified": "2025-04-20T03:46:56Z",
"published": "2022-05-13T01:43:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13082"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"type": "WEB",
"url": "https://github.com/vanhoefm/krackattacks-test-ap-ft"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"type": "WEB",
"url": "https://www.krackattacks.com"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039570"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039571"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FX6X-7XGX-2WWP
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2025-05-05 18:30ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
{
"affected": [],
"aliases": [
"CVE-2020-13817"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-04T13:15:00Z",
"severity": "MODERATE"
},
"details": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"id": "GHSA-fx6x-7xgx-2wwp",
"modified": "2025-05-05T18:30:44Z",
"published": "2022-05-24T17:19:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13817"
},
{
"type": "WEB",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FXFF-WXXV-C2JC
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2024-10-14 17:04PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypinksign"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-48056"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-17T21:42:37Z",
"nvd_published_at": "2023-11-16T18:15:07Z",
"severity": "HIGH"
},
"details": "PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.",
"id": "GHSA-fxff-wxxv-c2jc",
"modified": "2024-10-14T17:04:19Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48056"
},
{
"type": "WEB",
"url": "https://github.com/bandoche/PyPinkSign/issues/29"
},
{
"type": "WEB",
"url": "https://github.com/bandoche/PyPinkSign/commit/e1809ddf6a266e9007e10f0486b462fa7f89a43d"
},
{
"type": "PACKAGE",
"url": "https://github.com/bandoche/PyPinkSign"
},
{
"type": "WEB",
"url": "https://github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.py#L504"
},
{
"type": "WEB",
"url": "https://github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.py#L537"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pypinksign/PYSEC-2023-245.yaml"
},
{
"type": "WEB",
"url": "https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption"
}
GHSA-FXHG-25Q8-4697
Vulnerability from github – Published: 2022-11-07 12:00 – Updated: 2025-06-24 18:33An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.
{
"affected": [],
"aliases": [
"CVE-2022-44795"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-07T04:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.",
"id": "GHSA-fxhg-25q8-4697",
"modified": "2025-06-24T18:33:07Z",
"published": "2022-11-07T12:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44795"
},
{
"type": "WEB",
"url": "https://objectfirst.com/security/of-20221024-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G24W-373R-5PXG
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-11-01 23:37Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-support-simple-mfa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-support-oidc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-core-services-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-support-oauth-core-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-support-shell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apereo.cas:cas-server-core-services-authentication"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0-RC5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10754"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T23:37:32Z",
"nvd_published_at": "2019-09-23T23:15:00Z",
"severity": "HIGH"
},
"details": "Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG\u0027s algorithm not being cryptographically strong.",
"id": "GHSA-g24w-373r-5pxg",
"modified": "2022-11-01T23:37:32Z",
"published": "2022-05-24T16:56:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10754"
},
{
"type": "WEB",
"url": "https://github.com/apereo/cas/commit/40bf278e66786544411c471de5123e7a71826b9f"
},
{
"type": "PACKAGE",
"url": "https://github.com/apereo/cas"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Insufficiently Random Values in Apereo CAS"
}
GHSA-G3P2-HFQR-9M25
Vulnerability from github – Published: 2021-11-23 17:54 – Updated: 2023-06-30 20:31A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "concrete5/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.5.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22968"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-98"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-22T19:41:50Z",
"nvd_published_at": "2021-11-19T19:15:00Z",
"severity": "HIGH"
},
"details": "A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it\u0027s possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory",
"id": "GHSA-g3p2-hfqr-9m25",
"modified": "2023-06-30T20:31:40Z",
"published": "2021-11-23T17:54:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22968"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1350444"
},
{
"type": "WEB",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes"
},
{
"type": "PACKAGE",
"url": "https://github.com/olsgreen/concrete5-core"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper file handling in concrete5/core"
}
GHSA-G3WC-XV93-445Q
Vulnerability from github – Published: 2022-12-18 12:30 – Updated: 2022-12-22 23:06A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 can address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "DNS"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4248"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-22T23:06:24Z",
"nvd_published_at": "2022-12-18T11:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 can address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188.",
"id": "GHSA-g3wc-xv93-445q",
"modified": "2022-12-22T23:06:24Z",
"published": "2022-12-18T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4248"
},
{
"type": "WEB",
"url": "https://github.com/kapetan/dns/pull/88"
},
{
"type": "WEB",
"url": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6"
},
{
"type": "PACKAGE",
"url": "https://github.com/kapetan/dns"
},
{
"type": "WEB",
"url": "https://github.com/kapetan/dns/releases/tag/v7.0.0"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.216188"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "DNS NuGet package uses insufficiently random values"
}
GHSA-G4Q8-QVC6-PX3P
Vulnerability from github – Published: 2022-07-12 00:00 – Updated: 2022-07-19 00:00Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-35163"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-11T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\nversions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.",
"id": "GHSA-g4q8-qvc6-px3p",
"modified": "2022-07-19T00:00:25Z",
"published": "2022-07-12T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35163"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G5X6-QXV4-VXW3
Vulnerability from github – Published: 2024-03-28 03:30 – Updated: 2025-01-14 06:32Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet.
{
"affected": [],
"aliases": [
"CVE-2024-28013"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T01:15:47Z",
"severity": "MODERATE"
},
"details": "Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet.",
"id": "GHSA-g5x6-qxv4-vxw3",
"modified": "2025-01-14T06:32:00Z",
"published": "2024-03-28T03:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28013"
},
{
"type": "WEB",
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
},
{
"type": "WEB",
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G82M-Q2G7-55JC
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
{
"affected": [],
"aliases": [
"CVE-2020-27630"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T17:15:10Z",
"severity": "CRITICAL"
},
"details": "In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.",
"id": "GHSA-g82m-q2g7-55jc",
"modified": "2024-04-04T08:29:52Z",
"published": "2023-10-10T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27630"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"
},
{
"type": "WEB",
"url": "https://www.forescout.com"
},
{
"type": "WEB",
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.