CVE-2022-3681

A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523	Vendor Advisory
https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:motorola:mr2600:*:*:*:*:*:*:*:*

cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-27 20:15

Updated : 2024-11-21 07:20

NVD link : CVE-2022-3681

Mitre link : CVE-2022-3681

CVE.ORG link : CVE-2022-3681

JSON object : View

Products Affected

motorola

mr2600

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-3681", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-10-27T20:15:08.707", "references": [{"url": "https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.\n "}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en el Router MR2600 v1.0.18 y anteriores que podr\u00eda permitir a un atacante dentro del alcance de la red inal\u00e1mbrica forzar con \u00e9xito el pin WPS, permiti\u00e9ndole potencialmente acceso no autorizado a una red inal\u00e1mbrica."}], "lastModified": "2024-11-21T07:20:01.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mr2600:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B84EB38A-4235-4126-A8FC-0399980647B8", "versionEndIncluding": "1.0.18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23CF30D0-9447-49F2-B33B-CA2BF24D6DD2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}