CableTap/doc/advisories/bastille-21.default-wifi-credentials.txt
Bastille Tracking Number 21
CVE-2017-9522

Overview
A vulnerability has been discovered that enables an attacker to connect to a Time Warner customer's Wi-Fi network, provided that the customer's gateway is using the default Wi-Fi credentials. This allows the attacker to access the Internet for free, and attribute any malicious activity to the Time Warner customer they are impersonating.

Affected Platforms
Technicolor TC8717T

Proof-of-Concept Details
The default Wi-Fi passphrase is a combination of the SSID and BSSID, making it trivial for an attacker to connect to a Time Warner customer's Wi-Fi network.

Default Wi-Fi credentials are configured as follows:

SSID: TC8717T66
Passphrase: TC8717T334466
BSSID: 00:11:22:33:44:55

By observing a beacon frame, which contains the SSID and BSSID, an attacker is able to generate the passphrase, and connect to the customer's private Wi-Fi network.

Test Environment
Technicolor TC8717T

Mitigation
Time Warner customers can mitigate this vulnerability by changing the Wi-Fi credentials on their gateway.

Recommended Remediation
Use default Wi-Fi credentials which are difficult for an attacker to guess.

Credits
Marc Newlin and Logan Lamb, Bastille
Chris Grayson, Web Sight.IO
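
A defender-side check for the mitigation above, as an added example that is not part of the Bastille advisory: it flags gateways in an inventory whose configured passphrase is still built only from values broadcast in the beacon, in the shape of the advisory's sample. The two-character SSID suffix, the function names and the inventory rows are assumptions constructed for illustration.

```python
import re

# Assumption: the SSID is a model prefix plus a two-character suffix,
# as in the advisory's sample (TC8717T + 66).
SUFFIX_LEN = 2


def broadcast_tokens(ssid, bssid):
    """Two-character values visible in a beacon: BSSID octets plus the SSID suffix."""
    octets = re.split(r"[:-]", bssid.strip().upper())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-F]{2}", o) for o in octets):
        raise ValueError(f"not a BSSID: {bssid!r}")
    return set(octets) | {ssid[-SUFFIX_LEN:].upper()}


def is_beacon_derived(ssid, bssid, passphrase):
    """True if the passphrase is the SSID prefix followed only by broadcast values."""
    if len(ssid) <= SUFFIX_LEN:
        return False
    prefix = ssid[:-SUFFIX_LEN].upper()
    candidate = passphrase.upper()
    if not candidate.startswith(prefix):
        return False
    rest = candidate[len(prefix):]
    if not rest or len(rest) % 2:
        return False
    tokens = broadcast_tokens(ssid, bssid)
    return all(rest[i:i + 2] in tokens for i in range(0, len(rest), 2))


def audit(inventory):
    """Return the ids of gateways whose Wi-Fi passphrase still needs changing."""
    return [g["id"] for g in inventory
            if is_beacon_derived(g["ssid"], g["bssid"], g["passphrase"])]


# Constructed inventory: gw-1 uses the advisory's sample values, the others
# are made-up gateways whose owners have changed the passphrase.
SAMPLE = [
    {"id": "gw-1", "ssid": "TC8717T66", "bssid": "00:11:22:33:44:55", "passphrase": "TC8717T334466"},
    {"id": "gw-2", "ssid": "TC8717T66", "bssid": "00:11:22:33:44:55", "passphrase": "TC8717Tgarden2024"},
    {"id": "gw-3", "ssid": "TC8717T66", "bssid": "00:11:22:33:44:55", "passphrase": "correct-horse-battery-staple"},
]

if __name__ == "__main__":
    for gateway_id in audit(SAMPLE):
        print(f"{gateway_id}: passphrase is derivable from the beacon, change it")
```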