CVE-2022-3681

Summary

CVE-2022-3681 is a vulnerability found in the MR2600 router v1.0.18 and earlier versions. It allows an attacker within range of the wireless network to perform a brute force attack on the WPS pin, potentially gaining unauthorized access to the network. The vulnerability has a base severity rating of MEDIUM and a base score of 6.5 according to NIST's National Vulnerability Database (NVD). The exploitability score is 2.8, indicating a moderate level of difficulty for attackers to exploit this vulnerability. Although no privileges are required, this vulnerability does not require user interaction. The confidentiality impact is rated as HIGH, meaning that sensitive information could be compromised if exploited successfully. The attack vector is through an adjacent network and the attack complexity is low. There is no impact on integrity or availability. Remediation measures should include updating the MR2600 router firmware to the latest version available to mitigate this vulnerability and enhance network security. Note: Additional information could be provided if available from other sources or further analysis of the CVE entry.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.