Search

Find a vulnerability

Search criteria

    1 vulnerability found for CG-WLR300GNV by Corega Inc

    JVNDB-2016-000109

    Vulnerability from jvndb - Published: 2016-06-22 14:57 - Updated:2016-06-29 16:04
    Severity
    Summary
    CG-WLR300GNV Series does not limit authentication attempts
    Details
    CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
      "dc:date": "2016-06-29T16:04+09:00",
      "dcterms:issued": "2016-06-22T14:57+09:00",
      "dcterms:modified": "2016-06-29T16:04+09:00",
      "description": "CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.\r\n\r\nTakeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:corega:cg-wlr300gnv",
          "@product": "CG-WLR300GNV",
          "@vendor": "Corega Inc",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:corega:cg-wlr300gnv-w",
          "@product": "CG-WLR300GNV-W",
          "@vendor": "Corega Inc",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000109",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN75028871/index.html",
          "@id": "JVN#75028871",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824",
          "@id": "CVE-2016-4824",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824",
          "@id": "CVE-2016-4824",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "CG-WLR300GNV Series does not limit authentication attempts"
    }