CVE-2024-23726
HIGH
Ubeeinteractive Ddw365 Firmware - Hard-coded Credentials
Title source: ruleDescription
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
References (1)
Core References
Third Party Advisory: https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md
Scores
CVSS v3: 8.8
EPSS: 0.0070
EPSS Percentile: 72.2%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-798
Status: published
Products (1): ubeeinteractive/ddw365_firmware
Published: Jan 21, 2024
Tracked Since: Feb 18, 2026