CVE-2024-23726

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23726
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*
History

29 Jan 2024, 15:25

Type Values Removed Values Added
CWE CWE-798
First Time Ubeeinteractive ddw365
Ubeeinteractive ddw365 Firmware
Ubeeinteractive
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*
References () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - Third Party Advisory

24 Jan 2024, 07:15

Type Values Removed Values Added
Summary Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

21 Jan 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-21 04:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-23726

Mitre link : CVE-2024-23726

CVE.ORG link : CVE-2024-23726

JSON object : View

Products Affected

ubeeinteractive

  • ddw365
  • ddw365_firmware
CWE
CWE-798

Use of Hard-coded Credentials


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024