CVE-2014-9690

Name of the Vulnerable Software and Affected Versions Huawei home gateways WS318 versions V100R001C01B022 and earlier

Description The issue affects the WPS protocol due to a PIN offline brute force cracking vulnerability. This is caused by the random number generator (RNG) used in the supplier's solution not being random enough, making it easier for an attacker to brute force crack the PIN code. Once the PIN is cracked, the attacker can access the Internet via the compromised device.

Recommendations For versions V100R001C01B022 and earlier, consider disabling the WPS protocol until a patch is available to prevent brute force cracking of the PIN code. Restrict access to the device to minimize the risk of exploitation.