PT-2024-20037 · Ubee · Ubee Ddw366+1

Edward Warren · Published 2024-01-20 · Updated 2024-01-29 · CVE-2024-23726

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ubee DDW365 XCNDDW365 devices (affected versions not specified)
Ubee DDW366 XCNDXW3WB devices (affected versions not specified)

Description

Ubee devices ship with predictable default WPA2 PSKs, which could lead to unauthorized remote access. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame. The PSK is generated using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

Recommendations

For Ubee DDW365 XCNDDW365 and Ubee DDW366 XCNDXW3WB devices, consider changing the default WPA2 PSK to a unique and strong password to prevent unauthorized access. As a temporary workaround, restrict access to the Wi-Fi network to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2024-23726

Affected Products

Ubee Ddw365
Ubee Ddw366