cvelistv5 - CVE-2016-4824

CVE-2016-4824 (GCVE-0-2016-4824)

Vulnerability from cvelistv5

Published

2016-06-25 21:00

Modified

2024-08-06 00:39

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2016-4824

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-4824

Aliases

CVE-2016-4824

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4824",
    "description": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.",
    "id": "GSD-2016-4824"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4824"
      ],
      "details": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.",
      "id": "GSD-2016-4824",
      "modified": "2023-12-13T01:21:18.816180Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2016-4824",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2016-000109",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
          },
          {
            "name": "JVN#75028871",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN75028871/index.html"
          },
          {
            "name": "http://corega.jp/support/security/20160622_wlr300gnv.htm",
            "refsource": "CONFIRM",
            "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:corega:cg-wlr300gnv:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:corega:cg-wlr300gnv_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:corega:cg-wlr300gnv-w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:corega:cg-wlr300gnv-w_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4824"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2016-000109",
              "refsource": "JVNDB",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
            },
            {
              "name": "JVN#75028871",
              "refsource": "JVN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN75028871/index.html"
            },
            {
              "name": "http://corega.jp/support/security/20160622_wlr300gnv.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2016-06-28T00:33Z",
      "publishedDate": "2016-06-25T21:59Z"
    }
  }
}

cnvd-2016-04288

Vulnerability from cnvd

Title

Corega CG-WLR300GNV和CG-WLR300GNV-W权限获取漏洞

Description

Corega CG-WLR300GNV和CG-WLR300GNV-W都是日本Corega公司的无线局域网路由器。 Corega CG-WLR300GNV和CG-WLR300GNV-W中存在权限获取漏洞，该漏洞源于程序未能限制身份验证请求数量。在无线范围内的攻击者可利用该漏洞通过实施暴力破解攻击恢复PIN，获取网络的访问权限。

Severity

低

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://corega.jp/

Reference

http://jvn.jp/en/jp/JVN75028871/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109

Impacted products

Name
['Corega CG-WLR300GNV-W', 'Corega CG-WLR300GNV']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4824"
    }
  },
  "description": "Corega CG-WLR300GNV\u548cCG-WLR300GNV-W\u90fd\u662f\u65e5\u672cCorega\u516c\u53f8\u7684\u65e0\u7ebf\u5c40\u57df\u7f51\u8def\u7531\u5668\u3002\r\n\r\nCorega CG-WLR300GNV\u548cCG-WLR300GNV-W\u4e2d\u5b58\u5728\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u6570\u91cf\u3002\u5728\u65e0\u7ebf\u8303\u56f4\u5185\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5b9e\u65bd\u66b4\u529b\u7834\u89e3\u653b\u51fb\u6062\u590dPIN\uff0c\u83b7\u53d6\u7f51\u7edc\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://corega.jp/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04288",
  "openTime": "2016-06-24",
  "products": {
    "product": [
      "Corega CG-WLR300GNV-W",
      "Corega CG-WLR300GNV"
    ]
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN75028871/index.html\r\nhttp://jvndb.jvn.jp/jvndb/JVNDB-2016-000109",
  "serverity": "\u4f4e",
  "submitTime": "2016-06-23",
  "title": "Corega CG-WLR300GNV\u548cCG-WLR300GNV-W\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

ghsa-c28q-c5r3-37pq

Vulnerability from github

Published

2022-05-17 03:52

Modified

2022-05-17 03:52

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4824"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-25T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.",
  "id": "GHSA-c28q-c5r3-37pq",
  "modified": "2022-05-17T03:52:22Z",
  "published": "2022-05-17T03:52:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4824"
    },
    {
      "type": "WEB",
      "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN75028871/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. A permission acquisition vulnerability exists in CoregaCG-WLR300GNV and CG-WLR300GNV-W due to the failure of the program to limit the number of authentication requests. CG-WLR300GNV Series routers are prone to an information-disclosure vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0182",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cg-wlr300gnv-w",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "corega",
        "version": null
      },
      {
        "model": "cg-wlr300gnv",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "corega",
        "version": null
      },
      {
        "model": "cg-wlr300gnv-w",
        "scope": null,
        "trust": 1.4,
        "vendor": "corega",
        "version": null
      },
      {
        "model": "cg-wlr300gnv",
        "scope": null,
        "trust": 1.4,
        "vendor": "corega",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:corega:cg-wlr300gnv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:corega:cg-wlr300gnv-w",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-4824",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000109",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2016-04288",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-93643",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-4824",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000109",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-4824",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-000109",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04288",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-506",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93643",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. A permission acquisition vulnerability exists in CoregaCG-WLR300GNV and CG-WLR300GNV-W due to the failure of the program to limit the number of authentication requests. CG-WLR300GNV Series routers are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to bypass  certain security restrictions and aid in brute-force attacks; other  attacks may also be possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "BID",
        "id": "91351"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4824",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN75028871",
        "trust": 3.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "91351",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "db": "BID",
        "id": "91351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "id": "VAR-201606-0182",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:13:18.530000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About vulnerability that does not limit authentication attempts",
        "trust": 0.8,
        "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://jvn.jp/en/jp/jvn75028871/index.html"
      },
      {
        "trust": 2.3,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000109"
      },
      {
        "trust": 1.1,
        "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4824"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4824"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "db": "BID",
        "id": "91351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "date": "2016-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "date": "2016-06-22T00:00:00",
        "db": "BID",
        "id": "91351"
      },
      {
        "date": "2016-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "date": "2016-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "date": "2016-06-25T21:59:06.517000",
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04288"
      },
      {
        "date": "2016-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93643"
      },
      {
        "date": "2016-06-22T00:00:00",
        "db": "BID",
        "id": "91351"
      },
      {
        "date": "2016-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      },
      {
        "date": "2016-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      },
      {
        "date": "2024-11-21T02:53:03.440000",
        "db": "NVD",
        "id": "CVE-2016-4824"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CG-WLR300GNV Series does not limit authentication attempts",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000109"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-506"
      }
    ],
    "trust": 0.6
  }
}

CVE-2016-4824

Vulnerability from jvndb

Published

2016-06-22 14:57

Modified

2016-06-29 16:04

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

CG-WLR300GNV Series does not limit authentication attempts

Details

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN75028871/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Corega Inc	CG-WLR300GNV
	Corega Inc	CG-WLR300GNV-W

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
  "dc:date": "2016-06-29T16:04+09:00",
  "dcterms:issued": "2016-06-22T14:57+09:00",
  "dcterms:modified": "2016-06-29T16:04+09:00",
  "description": "CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.\r\n\r\nTakeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:corega:cg-wlr300gnv",
      "@product": "CG-WLR300GNV",
      "@vendor": "Corega Inc",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:corega:cg-wlr300gnv-w",
      "@product": "CG-WLR300GNV-W",
      "@vendor": "Corega Inc",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "3.3",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000109",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN75028871/index.html",
      "@id": "JVN#75028871",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824",
      "@id": "CVE-2016-4824",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824",
      "@id": "CVE-2016-4824",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "CG-WLR300GNV Series does not limit authentication attempts"
}

fkie_cve-2016-4824

Vulnerability from fkie_nvd

Published

2016-06-25 21:59

Modified

2025-04-12 10:46

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://corega.jp/support/security/20160622_wlr300gnv.htm	Vendor Advisory
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN75028871/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://corega.jp/support/security/20160622_wlr300gnv.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN75028871/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109	Vendor Advisory

Impacted products

Vendor	Product	Version
corega	cg-wlr300gnv	-
corega	cg-wlr300gnv_firmware	-
corega	cg-wlr300gnv-w	-
corega	cg-wlr300gnv-w_firmware	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:corega:cg-wlr300gnv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41B47DEA-9EED-4773-A40C-38037EC7534F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:corega:cg-wlr300gnv_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A6762E-3729-47D3-B2BE-E4874D808105",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:corega:cg-wlr300gnv-w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CEA9894-E8BB-49E3-AC60-3C6E79ED6D24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:corega:cg-wlr300gnv-w_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A86D2D-421B-4439-8075-604E8B3BB1CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n Wi-Fi Protected Setup (WPS) en dispositivos Corega CG-WLR300GNV y CG-WLR300GNV-W no restringe el n\u00famero de intentos de autenticaci\u00f3n de PIN, lo que facilita a atacantes remotos obtener acceso a la red a trav\u00e9s de un ataque de fuerza bruta."
    }
  ],
  "id": "CVE-2016-4824",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-25T21:59:06.517",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN75028871/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN75028871/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-4824 (GCVE-0-2016-4824)

Vulnerability from cvelistv5

gsd-2016-4824

Vulnerability from gsd

cnvd-2016-04288

Vulnerability from cnvd

ghsa-c28q-c5r3-37pq

Vulnerability from github

var-201606-0182

Vulnerability from variot

CVE-2016-4824

Vulnerability from jvndb

fkie_cve-2016-4824

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature