Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for CG-WLR300GNV-W by Corega Inc

jvndb-2016-000109

Vulnerability from jvndb

Published

2016-06-22 14:57

Modified

2016-06-29 16:04

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

CG-WLR300GNV Series does not limit authentication attempts

Details

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN75028871/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Corega Inc	CG-WLR300GNV
	Corega Inc	CG-WLR300GNV-W

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
  "dc:date": "2016-06-29T16:04+09:00",
  "dcterms:issued": "2016-06-22T14:57+09:00",
  "dcterms:modified": "2016-06-29T16:04+09:00",
  "description": "CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.\r\n\r\nTakeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:corega:cg-wlr300gnv",
      "@product": "CG-WLR300GNV",
      "@vendor": "Corega Inc",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:corega:cg-wlr300gnv-w",
      "@product": "CG-WLR300GNV-W",
      "@vendor": "Corega Inc",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "3.3",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000109",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN75028871/index.html",
      "@id": "JVN#75028871",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824",
      "@id": "CVE-2016-4824",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824",
      "@id": "CVE-2016-4824",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "CG-WLR300GNV Series does not limit authentication attempts"
}