CVE-2020-15023

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.

Los dispositivos Askey AP5100W versiones hasta AP5100W_Dual_SIG_1.01.097 están afectados por un descifrado de fuerza bruta fuera de línea WPS PIN. Esto surge debido a problemas con la selección de números aleatorios para el intercambio Diffie-Hellman. Al capturar un intento de autenticación WPS intentado (e incluso fallido), es posible forzar el intercambio de autenticación general por fuerza bruta. Esto permite a un atacante obtener el WPS PIN recuperado en minutos o incluso segundos y, eventualmente, obtener la clave Wi-Fi PSK, consiguiendo acceso a la red Wi=Fi

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-24 CVE Reserved
2020-12-11 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-330: Use of Insufficiently Random Values

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://www.askey.com.tw/Products/wifi.html	2022-08-06
https://www.askey.com.tw/incident_report_notifications.html	2022-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Askey Search vendor "Askey"	Ap5100w Firmware Search vendor "Askey" for product "Ap5100w Firmware"	<= 1.01.097 Search vendor "Askey" for product "Ap5100w Firmware" and version " <= 1.01.097"	-	Affected	in	Askey Search vendor "Askey"	Ap5100w Search vendor "Askey" for product "Ap5100w"	-	-	Safe