CVE-2020-15023
MEDIUMAskey AP5100W <AP5100W_Dual_SIG_1.01.097 - Info Disclosure
Title source: llmDescription
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.askey.com.tw/Products/wifi.html
Vendor Advisory x_refsource_confirm
https://www.askey.com.tw/incident_report_notifications.html
Exploit, Third Party Advisory x_refsource_misc
https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
Scores
CVSS v3
5.9
EPSS
0.0161
EPSS Percentile
72.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
Status
published
Products (1)
askey/ap5100w_firmware
< 1.01.097
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026