Vulnerabilities > CVE-2012-4716 - Cryptographic Issues vulnerability in N-Tron 702W Industrial Wireless Access Point

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

NONE

network

n-tron

CWE-310

NVD

Published: 2015-06-13

Updated: 2015-06-16

Summary

N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

Vulnerable Configurations

Part	Description	Count
Hardware	N-Tron N Tron 702W Industrial Wireless Access Point -	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01