Ubee DDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access.
A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. WIFI PSK are generated by using the 1st 6 characters of the SSID + the last 6 of the BSSID, decrementing the last digit.
[Vulnerability Type Other] CWE-1392: Use of Default Credentials
[Vendor of Product] Ubee
[Affected Product Code Base]
Arris Wireless Cable Modem's - Model: Ubee DDW365
[Affected Component]
Ubee DDW365 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access.
[Attack Type] Context-dependent
[Impact Denial of Service] true
[Impact Escalation of Privileges]
true
[Impact Information Disclosure]
true
[Attack Vectors]
An attacker can scan for SSID & BSSIDs in proximity (or use a WarDriving Tool) & predict default Wi-Fi passwords.
[Reference]
https://github.com/actuator/cve/blob/main/Ubee/DDW365-I.jpg
https://github.com/actuator/cve/blob/main/Ubee/DDW365-II.jpg
[Discoverer] Edward Warren
