CVE-2019-9555

Name of the Vulnerable Software and Affected Versions Sagemcom F@st 5260 version 0.4.39

Description The issue concerns the generation of a Pre-Shared Key (PSK) in WPA mode, which is derived from a 2-part wordlist of known values and a nonce with insufficient entropy. This results in a limited number of possible PSKs, approximately 1.78 billion, making it vulnerable to exploitation.

Recommendations For Sagemcom F@st 5260 version 0.4.39, consider changing the default PSK generation mechanism to one that uses sufficient entropy to produce a more secure key. As a temporary workaround, manually set a strong and unique PSK to minimize the risk of exploitation.