Vulnerabilities > CVE-2016-4824 - 7PK - Security Features vulnerability in Corega Cg-Wlr300Gnv-W Firmware and Cg-Wlr300Gnv Firmware

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

corega

CWE-254

NVD

Published: 2016-06-25

Updated: 2016-06-28

Summary

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Hardware	Corega Corega CG Wlr300Gnv - Corega CG Wlr300Gnv W -	2
OS	Corega Corega CG Wlr300Gnv Firmware - Corega CG Wlr300Gnv W Firmware -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109
http://jvn.jp/en/jp/JVN75028871/index.html
http://corega.jp/support/security/20160622_wlr300gnv.htm