PT-2024-21115 · Arris · Arris Sbg6580

Edward Warren

Published

2024-03-07

Updated

2024-08-01

CVE-2024-25729

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Arris SBG6580 (affected versions not specified)

Description The issue concerns Arris SBG6580 devices, which have predictable default WPA2 security passwords. This predictability could lead to unauthorized remote access. The passwords are generated using the first 6 characters of the SSID and the last 6 characters of the BSSID, with the last octet decremented.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2024-25729

Affected Products

Arris Sbg6580

PT-2024-21115 · Arris · Arris Sbg6580

CVE-2024-25729

Weakness Enumeration

Related Identifiers

Affected Products

References · 8