CVE-2016-10180

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
References
Link Resource
http://www.securityfocus.com/bid/95877 Broken Link Third Party Advisory VDB Entry
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html Exploit Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*

History

01 Aug 2024, 13:41

Type Values Removed Values Added
CWE CWE-330
CWE-1241

09 Feb 2024, 02:41

Type Values Removed Values Added
CWE CWE-338 CWE-335
References (BID) http://www.securityfocus.com/bid/95877 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/95877 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2017-01-30 04:59

Updated : 2024-08-01 13:41


NVD link : CVE-2016-10180

Mitre link : CVE-2016-10180

CVE.ORG link : CVE-2016-10180


JSON object : View

Products Affected

dlink

  • dwr-932b
  • dwr-932b_firmware
CWE
CWE-335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CWE-1241

Use of Predictable Algorithm in Random Number Generator

CWE-330

Use of Insufficiently Random Values