5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7 High
AI Score
Confidence
Low
0.041 Low
EPSS
Percentile
92.2%
The Wi-Fi Protected Setup (WPS) protocol, when the “external registrar” authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
code.google.com/p/reaver-wps/
sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps
www.kb.cert.org/vuls/id/723755
www.us-cert.gov/cas/techalerts/TA12-006A.html