CVE-2014-9690

HIGH Year: 2014
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-332
View all →

Vulnerability Description

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device.

Related Vulnerabilities

CVE-2016-10743

HIGH
CVSS:7.5(High)

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CWE-3322016

CVE-2016-9154

HIGH
CVSS:7.5(High)

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modul...

CWE-3322016

CVE-2019-1715

HIGH
CVSS:7.5(High)

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa...

CWE-3322019

CVE-2017-18486

HIGH
CVSS:7.2(High)

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset ...

CWE-3322017

CVE-2017-9371

MEDIUM
CVSS:5.9(Medium)

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able ...

CWE-3322017

CVE-2018-9057

CRITICAL
CVSS:9.8(Critical)

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remo...

CWE-3322018