PT-2019-13040 · Autopi · Autopi Wi-Fi/Nb+1

Published: 2019-10-14 · Updated: 2020-08-24 · CVE-2019-12941

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15

Description

The issue allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, providing root access to the device. This is possible because the default WiFi password and WiFi SSID are derived from the same hash function output, with the input being only 8 characters. As a result, an attacker can deduce the WiFi password from the WiFi SSID.

Recommendations

For AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15, consider changing the default WiFi password to a stronger, unique password to prevent brute-force or dictionary attacks. Additionally, update the device to a version released after 2019-10-15, if available. As a temporary workaround, restrict access to the WiFi network to minimize the risk of exploitation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2019-12941

Affected Products

Autopi 4G/Lte
Autopi Wi-Fi/Nb