CVE-2019-9555

Published: Mar 5, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.

Affected (1)

Products: Sagemcom: F@st 5260 Firmware

1 product

F@st 5260 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sagemcom F@st 5260 Firmware	Version 0.4.39

Running on/with	Platform Versions
Sagemcom F@st 5260	All versions

Related CWEs

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (2)

https://seclists.org/fulldisclosure/2019/Mar/12

Source: cve@mitre.org

Mailing ListMitigationThird Party Advisory

https://seclists.org/fulldisclosure/2019/Mar/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListMitigationThird Party Advisory

Timeline

No history available yet.